fixup! fix(@angular/ssr): validate host headers to prevent header-based SSRF

Author: alan-agius4

packages/angular/ssr/node/src/common-engine/common-engine.ts

@@ -124,6 +124,10 @@ export class CommonEngine {
   }
 
   private validateHost(url: string): void {
+    if (!URL.canParse(url)) {
+      throw new Error(`URL "${url}" is invalid.`);
+    }
+
     const hostname = new URL(url).hostname.replace(WWW_HOST_REGEX, '');
 
     if (this.allowedHosts.has(hostname)) {

packages/angular_devkit/build_angular/src/builders/ssr-dev-server/specs/proxy_spec.ts

@@ -58,7 +58,7 @@ describe('Serve SSR Builder', () => {
               .render({
                 bootstrap: AppServerModule,
                 documentFilePath: indexHtml,
-                url: req.originalUrl,
+                url: \`${protocol}://${headers.host}${originalUrl}\`,
                 publicPath: distFolder,
               })
               .then((html) => res.send(html))

packages/angular_devkit/build_angular/src/builders/ssr-dev-server/specs/ssl_spec.ts

@@ -54,11 +54,12 @@ describe('Serve SSR Builder', () => {
           }));
 
           server.use((req, res, next) => {
+            const { protocol, originalUrl, baseUrl, headers } = req;
             commonEngine
               .render({
                 bootstrap: AppServerModule,
                 documentFilePath: indexHtml,
-                url: req.originalUrl,
+                url: \`${protocol}://${headers.host}${originalUrl}\`,
                 publicPath: distFolder,
               })
               .then((html) => res.send(html))

packages/angular_devkit/build_angular/src/builders/ssr-dev-server/specs/works_spec.ts

@@ -57,7 +57,7 @@ describe('Serve SSR Builder', () => {
             .render({
               bootstrap: AppServerModule,
               documentFilePath: indexHtml,
-              url: req.originalUrl,
+              url: \`${protocol}://${headers.host}${originalUrl}\`,
               publicPath: distFolder,
             })
             .then((html) => res.send(html))