ExpressJS - Wrong domain name in request headers - node.js

I have multiple domains pointing to same server. when i'm try to print the host name using req.headers['theHost'] it shows the other domain name instead of one to which request is sent. Example if i request a.com then in the headers it is showing b.com(other domain pointing to same server).

In order to get the hostname of an incoming request you can use req.get('Host'); (Express v4 way to get headers from a request - header field is case insensitive).

Related

How to preserve referrer (Referer HTTP header) across subdomains?

I have a website running on www.example.com that makes GET requests to api.example.com to process a form. When I examine web server logs for api.example.com I see that requests from Safari get the full referer (e.g., www.example.com/page-where-request-originated). But requests from Chrome only get a partial referer (www.example.com).
I need the ability to track the full referring page when the request hits api.example.com. Reviewing the documentation for Referrer-Policy it seems my only option is to set it to unsafe-url. But that seems overkill because I only want the referrer to be sent for subdomains of example.com. Is that possible?
The only option I can find is strict-origin : Send the origin as referrer, but only when the request is no downgrade from https to http.
see: https://wiki.crashtest-security.com/enable-security-headers
Everything else will either omit the referrer completely or send the origin URL without any URL parameters.

Get domain name without express.js

I have a MEAN app which responds to multiple domains. Domains are pointed to same IP and port.
Is there a way to get domain name from client request, without express.js?
So that I can load different database based on request domain name. I tried using process.domain and os.hostname which does not work on Windows OS (not sure about other OS).
Try picking it out from the header:
request.headers.host

Disable Serving from Default Cloudfront Hostname (ourdistid.cloudfront.net)

I've setup an alternate domain name for our Cloudfront distribution so we can serve from oursite.com. We'd like to disable ourdistid.cloudfront.net so our site is only accessible from one hostname. Is this possible?
Yes, you can do this, though perhaps not in the place where you might expect to.
By default, CloudFront sets the Host: header in the request sent to the origin server to have the value of the origin server hostname.
However, you can configure CloudFront to forward the original request's host header to the origin server, instead. It doesn't change how the request is routed, only the header that gets forwarded.
After that, it is a simple matter to configure your web server to return the response you want, when the request's Host: header matches the *.cloudfront.net host, which can include a generic error page with whatever code you seem most appropriate, such as 503 Service Unavailable, 404 Not Found, 403 Forbidden, or 410 Gone. You could even use 301 Moved Permanently. Whatever makes the most sense to you.
You can't literally disable the assigned endpoint, but you can prevent it from returning any of your content.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html

How to make http request in nodejs to url which is not linked to DNS but registered in hosts file?

I am working on remote sandbox with ip 190.34.24.56 (not real ip, just for example)
Hosts file contains this string:
190.34.24.56 web.sandbox.com
I have access to url web.sandbox.com from browser, but when try to send http request I get an error: ENOTFOUND (domain name not found).
How to send http request from nodejs to url which not have dns record?
(I can't enter to sandbox using 190.34.24.56, because there is host-server works which determine incoming url and redirects request to other port, so I can use only web.sandbox.com)
I haven't actually tried this, but you could try passing in the domain header along with your request:
Host: yourhostname.com
See full list of HTTP headers: List of HTTP header fields

How to add an A Record so Subdomain-less request reach my server

I have a domain mydomain.com, and i already set an A record for *.mydomain.com, all request for any subdomain are reaching my server except http://mydomain.com. How can I setup my records so that http://mydoamin.com requests will reach my server.
Try leaving the name of the record blank. Only do type A and value.

Resources