@cloudflare/vite-plugin@1.37.3
📦 cloudflare-workersView on GitHub →
🐛 3 fixes🔧 6 symbols
Summary
This patch primarily addresses security concerns by updating the `ws` dependency and fixes several bugs related to host validation and the `CF-Worker` header generation during local development.
🐛 Bug Fixes
- Fixed `/cdn-cgi/*` host validation in Miniflare which incorrectly accepted subdomains of exact configured routes; exact routes and configured `upstream` hostname now require an exact match to the request hostname.
- Fixed the outbound `CF-Worker` header in local development paths (`@cloudflare/vite-plugin`, `@cloudflare/vitest-pool-workers`, `getPlatformProxy`, `wrangler dev`) to correctly reflect the parent zone instead of the route pattern hostname, resolving issues with services rejecting unknown hosts.
- Fixed an issue where the `CF-Worker` header used the route pattern hostname instead of the parent zone name when `zone_name` was explicitly set in a route configuration.