Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: try parse server.origin URL #19241

Merged
merged 1 commit into from
Jan 20, 2025
Merged

fix: try parse server.origin URL #19241

merged 1 commit into from
Jan 20, 2025

Conversation

bluwy
Copy link
Member

@bluwy bluwy commented Jan 20, 2025

Description

fix #19239

This line is causing the latest version to fail: https://github.com/laravel/vite-plugin/blob/e57a940c22f90e72002380d3dad1a2c6f1921983/src/index.ts#L154

I don't think we really expect frameworks to configure the option this way, but they have an interesting usecase that indeed make it seem like we could improve the server.origin option a bit, but maybe later in the future.

patak-dev
patak-dev approved these changes Jan 20, 2025
View reviewed changes
Copy link
Member

@patak-dev patak-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should keep this fix, but we can do a quick patch with it to avoid disruption in the patch. As you said, this doesn't open up a security problem and it will still work for laravel. We should review this for 6.1 or 7.0

@patak-dev patak-dev merged commit 2495022 into main Jan 20, 2025
15 checks passed
@patak-dev patak-dev deleted the server-origin-try-parse branch January 20, 2025 19:30
@patak-dev patak-dev mentioned this pull request Jan 20, 2025
Closed
7 tasks
dominikg
dominikg reviewed Jan 20, 2025
View reviewed changes
packages/vite/src/node/server/middlewares/hostCheck.ts
try {
const serverOriginUrl = new URL(resolvedServerOptions.origin)
list.push(serverOriginUrl.hostname)
} catch {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this have a debug log at least? quiet swallowing can lead to long and frustrating debug sessions

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can add one, yes, but I don't expect that this fix will stay in place

patak-dev pushed a commit that referenced this pull request Jan 20, 2025
@bluwy @patak-dev
fix: try parse server.origin URL (#19241)
5946215
patak-dev pushed a commit that referenced this pull request Jan 20, 2025
@bluwy @patak-dev
fix: try parse server.origin URL (#19241)
3680bad
@meduzen meduzen mentioned this pull request Jan 20, 2025
Merged
@timacdonald
Copy link
Contributor

We really appreciate the Vite team making this consideration for the Laravel community.

We have a PR up to make our placeholder URL a well-formed URL, which should mean this check can be removed and our plugin will continue to work.

laravel/vite-plugin#317

Thank you again for supporting our community!

renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 24, 2025
@renovate
Update dependency vite to v6.0.11
296fcce 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 25, 2025
@renovate
Update dependency vite to v6.0.11
dd678a0 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 26, 2025
@renovate
Update dependency vite to v6.0.11
13f2207 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 27, 2025
@renovate
Update dependency vite to v6.0.11
9bf5bfb 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 29, 2025
@renovate
Update dependency vite to v6.0.11
592f57a 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Jan 31, 2025
@renovate
Update dependency vite to v6.0.11
693713e 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Feb 1, 2025
@renovate
Update dependency vite to v6.0.11
dd9a5e0 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
@mandrasch mandrasch mentioned this pull request Feb 3, 2025
Open
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Feb 5, 2025
@renovate
Update dependency vite to v6.0.11
e7b81b9 
| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| npm        | vite    | 6.0.7 | 6.0.11 |


## [v6.0.11](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6011-2025-01-21-small)

-   fix: `preview.allowedHosts` with specific values was not respected ([#19246](vitejs/vite#19246)) ([aeb3ec8](vitejs/vite@aeb3ec8)), closes [#19246](vitejs/vite#19246)
-   fix: allow CORS from loopback addresses by default ([#19249](vitejs/vite#19249)) ([3d03899](vitejs/vite@3d03899)), closes [#19249](vitejs/vite#19249)


## [v6.0.10](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small6010-2025-01-20-small)

-   fix: try parse `server.origin` URL ([#19241](vitejs/vite#19241)) ([2495022](vitejs/vite@2495022)), closes [#19241](vitejs/vite#19241)


## [v6.0.9](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small609-2025-01-20-small)

-   fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([bd896fb](vitejs/vite@bd896fb))
-   fix!: default `server.cors: false` to disallow fetching from untrusted origins ([b09572a](vitejs/vite@b09572a))
-   fix: verify token for HMR WebSocket connection ([029dcd6](vitejs/vite@029dcd6))


## [v6.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small608-2025-01-20-small)

-   fix: avoid SSR HMR for HTML files ([#19193](vitejs/vite#19193)) ([3bd55bc](vitejs/vite@3bd55bc)), closes [#19193](vitejs/vite#19193)
-   fix: build time display 7m 60s ([#19108](vitejs/vite#19108)) ([cf0d2c8](vitejs/vite@cf0d2c8)), closes [#19108](vitejs/vite#19108)
-   fix: don't resolve URL starting with double slash ([#19059](vitejs/vite#19059)) ([35942cd](vitejs/vite@35942cd)), closes [#19059](vitejs/vite#19059)
-   fix: ensure `server.close()` only called once ([#19204](vitejs/vite#19204)) ([db81c2d](vitejs/vite@db81c2d)), closes [#19204](vitejs/vite#19204)
-   fix: resolve.conditions in ResolvedConfig was `defaultServerConditions` ([#19174](vitejs/vite#19174)) ([ad75c56](vitejs/vite@ad75c56)), closes [#19174](vitejs/vite#19174)
-   fix: tree shake stringified JSON imports ([#19189](vitejs/vite#19189)) ([f2aed62](vitejs/vite@f2aed62)), closes [#19189](vitejs/vite#19189)
-   fix: use shared sigterm callback ([#19203](vitejs/vite#19203)) ([47039f4](vitejs/vite@47039f4)), closes [#19203](vitejs/vite#19203)
-   fix(deps): update all non-major dependencies ([#19098](vitejs/vite#19098)) ([8639538](vitejs/vite@8639538)), closes [#19098](vitejs/vite#19098)
-   fix(optimizer): use correct default install state path for yarn PnP ([#19119](vitejs/vite#19119)) ([e690d8b](vitejs/vite@e690d8b)), closes [#19119](vitejs/vite#19119)
-   fix(types): improve `ESBuildOptions.include / exclude` type to allow `readonly (string | RegExp)[]`  ([ea53e70](vitejs/vite@ea53e70)), closes [#19146](vitejs/vite#19146)
-   chore(deps): update dependency pathe to v2 ([#19139](vitejs/vite#19139)) ([71506f0](vitejs/vite@71506f0)), closes [#19139](vitejs/vite#19139)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dominikg dominikg dominikg left review comments

@patak-dev patak-dev patak-dev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vite >6.0.9 has CORS issue with laravel-vite
4 participants
@bluwy @timacdonald @patak-dev @dominikg