因此,我的团队也存在同样的问题,即“条形”的错误。 我们下面概述的解决办法是一个非常具体的错误,很可能与许多人无关。
就我们而言,allowedHosts[0] 变量未作界定,我们发现allowedHosts[0]在node_modules eact-scriptsconfigweb PackDevServer.config.js 上的变量。
module.exports = function (proxy, allowedHost) {
const disableFirewall =
!proxy || process.env.DANGEROUSLY_DISABLE_HOST_CHECK === true ;
return {
// WebpackDevServer 2.4.3 introduced a security fix that prevents remote
// websites from potentially accessing local content through DNS rebinding:
// https://github.com/webpack/webpack-dev-server/issues/887
// https://medium.com/webpack/webpack-dev-server-middleware-security-issues-1489d950874a
// However, it made several existing use cases such as development in cloud
// environment or subdomains in development significantly more complicated:
// https://github.com/facebook/create-react-app/issues/2271
// https://github.com/facebook/create-react-app/issues/2233
// While we re investigating better solutions, for now we will take a
// compromise. Since our WDS configuration only serves files in the `public`
// folder we won t consider accessing them a vulnerability. However, if you
// use the `proxy` feature, it gets more dangerous because it can expose
// remote code execution vulnerabilities in backends like Django and Rails.
// So we will disable the host check normally, but enable it if you have
// specified the `proxy` setting. Finally, we let you override it if you
// really know what you re doing with a special environment variable.
// Note: ["localhost", ".localhost"] will support subdomains - but we might
// want to allow setting the allowedHosts manually for more complex setups
allowedHosts: disableFirewall ? all : [allowedHost],
<代码>urls.lanUrlForConfig>通过到汇簿上:node_modules eact-scriptsstart.js至allowedHost。
const createDevServerConfig = require( ../config/webpackDevServer.config );
...
createDevServerConfig(proxyConfig, urls.lanUrlForConfig)
<代码>urls.lanUrlForCofig由prepareUrl<>/code>功能载于node_modules eact-dev-utilsWeb PackDevServerUtils.js。
const urls = prepareUrls(
protocol,
HOST,
port,
paths.publicUrlOrPath.slice(0, -1)
);
In the prepareUrls function, urls.lanUrlForConfig is set as undefined in the case that the computer s IPv4 address is non-private as seen below:
try {
// This can only return an IPv4 address
lanUrlForConfig = address.ip();
if (lanUrlForConfig) {
// Check if the address is a private ip
// https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
if (
/^10[.]|^172[.](1[6-9]|2[0-9]|3[0-1])[.]|^192[.]168[.]/.test(
lanUrlForConfig
)
) {
// Address is private, format it for later use
lanUrlForTerminal = prettyPrintUrl(lanUrlForConfig);
} else {
// Address is not private, so we will discard it
lanUrlForConfig = undefined;
}
}
} catch (_e) {
// ignored
}
So in the end, we determined that the reason why we were having the error was because the ip address that we being pulled from the machine was non-private due to some ethernet cable configurations (We were getting a 169. address, an APIPA one, that was because the machine couldn t reach a DHCP server). This caused the urls.lanUrlForConfig to be undefined, which would ultimately get passed all the way down to the allowedHosts[0] variable and cause the error.
由于无法与DHCP服务器连接,这是另一个问题,但作为发展目的的热点,我们把“DANGEROUSLY_DISABLE_HOST_CHECK=true添入了我们的<代码>。 在我们的一揽子计划中设置“所有<>/代码”。 json是另一个解决办法。
