feat: private hostname guard for authenticated/private mode
Reject requests from unrecognised Host headers when running authenticated/private. Adds server middleware, CLI `allowed-hostname` command, config-schema field, and prompt support for configuring allowed hostnames during onboard/configure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Forgotten
@@ -37,6 +37,12 @@ pnpm dev --tailscale-auth
|
||||
|
||||
This runs dev as `authenticated/private` and binds the server to `0.0.0.0` for private-network access.
|
||||
|
||||
Allow additional private hostnames (for example custom Tailscale hostnames):
|
||||
|
||||
```sh
|
||||
pnpm paperclip allowed-hostname dotta-macbook-pro
|
||||
```
|
||||
|
||||
## One-Command Local Run
|
||||
|
||||
For a first-time local install, you can bootstrap and run in one command:
|
||||
|
||||
Reference in New Issue
Block a user