Skip to content

Fix: Docker connection issue in sandbox by binding to all interfaces #9977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dtometzki wants to merge 5 commits into from
Closed

Fix: Docker connection issue in sandbox by binding to all interfaces #9977

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
fdeae9f
Fix: Docker connection issue in sandbox by binding to all interfaces
dtometzki Sep 26, 2025
3891bf8
Merge branch 'main' into sandbox
dtometzki Sep 26, 2025
650d48a
Merge branch 'main' into sandbox
dtometzki Sep 30, 2025
61d85fc
Merge branch 'main' into sandbox
dtometzki Oct 5, 2025
e304d55
Merge branch 'main' into sandbox
dtometzki Oct 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 2 additions & 14 deletions packages/vscode-ide-companion/src/ide-server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,18 +152,6 @@ export class IDEServer {
}),
);

@gemini-code-assist gemini-code-assist Bot Sep 26, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Removing the host header check introduces a critical security vulnerability. By binding the server to 0.0.0.0, it becomes accessible from the local network. Without the host check, any device on the network can send requests to it. Although most requests require an auth token, initialize requests are unauthenticated for backward compatibility. This could allow an attacker on the same network to trigger actions in the IDE, such as opening a diff view with malicious content (openDiff tool), which poses a security risk.

I suggest re-introducing a host check that is flexible enough for the Docker use case. Checking just the hostname part of the Host header against a list of allowed hostnames like localhost and 127.0.0.1 would be much safer and should still work with Docker port forwarding.

      app.use((req, res, next) => {
        const hostname = (req.headers.host || '').split(':')[0];
        const allowedHostnames = [
          'localhost',
          '127.0.0.1',
        ];
        if (!allowedHostnames.includes(hostname)) {
          return res.status(403).json({ error: 'Invalid Host header' });
        }
        next();
      });

@dtometzki dtometzki Sep 26, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes it is correct but we are in a conflict here between header sec and sandbox env.

@dtometzki dtometzki Oct 29, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @chrstnb
who is responsible here ? I dont get any update since weeks

Damian

app.use((req, res, next) => {
const host = req.headers.host || '';
const allowedHosts = [
`localhost:${this.port}`,
`127.0.0.1:${this.port}`,
];
if (!allowedHosts.includes(host)) {
return res.status(403).json({ error: 'Invalid Host header' });
}
next();
});

app.use((req, res, next) => {
const authHeader = req.headers.authorization;
if (!authHeader) {
Expand Down Expand Up @@ -331,7 +319,7 @@ export class IDEServer {
}
});

this.server = app.listen(0, '127.0.0.1', async () => {
this.server = app.listen(0, '0.0.0.0', async () => {
const address = (this.server as HTTPServer).address();
if (address && typeof address !== 'string') {
this.port = address.port;
Expand All @@ -343,7 +331,7 @@ export class IDEServer {
os.tmpdir(),
`gemini-ide-server-${process.ppid}.json`,
);
this.log(`IDE server listening on http://127.0.0.1:${this.port}`);
this.log(`IDE server listening on http://0.0.0.0:${this.port}`);

if (this.authToken) {
await writePortAndWorkspace({
Expand Down