Express middleware for DNS rebinding protection.
Validates the hostname in the Host header (ignoring any port) against an allowed list.
This is particularly important for servers without authorization or HTTPS,
such as localhost servers or development servers. DNS rebinding attacks can
bypass same-origin policy by manipulating DNS to point a domain to a
localhost address, allowing malicious websites to access your local server.
Parameters
allowedHostnames: string[]
List of allowed hostnames (without ports).
For IPv6, provide the address with brackets (e.g., [::1]).
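
The check described above, sketched as an added example; it is not the documented middleware's own source. The function names, the 403 response body and the sample Host values are assumptions made for illustration, and the hostnames are constructed.

```javascript
// Added example: NOT the documented middleware's source. All names are hypothetical.

// Extract the hostname from a Host header value, ignoring any port.
// Returns null when the value is missing or malformed.
function hostnameFromHostHeader(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const host = hostHeader.trim().toLowerCase();
  // IPv6 literals keep their brackets, matching the allow-list format ([::1]).
  const pattern = host.startsWith('[')
    ? /^(\[[0-9a-f:.]+\])(?::\d{1,5})?$/
    : /^([a-z0-9.-]+)(?::\d{1,5})?$/;
  const match = pattern.exec(host);
  return match ? match[1] : null;
}

// Express-style middleware factory: (req, res, next).
function exampleHostValidation(allowedHostnames) {
  const allowed = new Set(allowedHostnames.map((h) => h.toLowerCase()));
  return function (req, res, next) {
    const hostname = hostnameFromHostHeader(req.headers.host);
    if (hostname === null || !allowed.has(hostname)) {
      // A rebound domain resolves to localhost, but the browser still sends
      // that domain as Host, so the request is rejected here.
      res.status(403).json({ error: 'Invalid Host header' });
      return;
    }
    next();
  };
}

// Drive the middleware with minimal stand-ins for req/res (constructed input).
function simulate(middleware, hostHeader) {
  let status = null;
  const req = { headers: { host: hostHeader } };
  const res = {
    status(code) { status = code; return this; },
    json() { return this; },
  };
  middleware(req, res, () => { status = 200; }); // 200 = request passed through
  return status;
}

const mw = exampleHostValidation(['localhost', '127.0.0.1', '[::1]']);
for (const h of ['localhost:3000', '[::1]:8080', 'rebind.attacker.example:3000', undefined]) {
  console.log(String(h).padEnd(30), simulate(mw, h));
}
```

A missing or unparseable Host header is rejected rather than passed through, so the allow list fails closed.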