All-Hands-AI · tofarr · Dec 26, 2024 · Dec 26, 2024 · Dec 26, 2024 · Dec 27, 2024
diff --git a/config.template.toml b/config.template.toml
@@ -84,6 +84,9 @@ workspace_base = "./workspace"
 # List of allowed file extensions for uploads
 #file_uploads_allowed_extensions = [".*"]
 
+# Approved hostnames for incoming requests. Use "*" for any
+#approved_hostnames = ["localhost"]
+
 #################################### LLM #####################################
 # Configuration for LLM models (group name starts with 'llm')
 # use 'llm' for the default LLM config

diff --git a/openhands/core/config/app_config.py b/openhands/core/config/app_config.py
@@ -46,6 +46,9 @@ class AppConfig:
             input is read line by line. When enabled, input continues until /exit command.
     """
 
+    approved_hostnames: list[str] = field(
+        default_factory=lambda: ['localhost', '127.0.0.1']
+    )
     llms: dict[str, LLMConfig] = field(default_factory=dict)
     agents: dict = field(default_factory=dict)
     default_agent: str = OH_DEFAULT_AGENT

diff --git a/openhands/server/app.py b/openhands/server/app.py
@@ -11,6 +11,7 @@
 import openhands.agenthub  # noqa F401 (we import this to get the agents registered)
 from openhands.server.middleware import (
     AttachConversationMiddleware,
+    HostCheckMiddleware,
     InMemoryRateLimiter,
     LocalhostCORSMiddleware,
     NoCacheMiddleware,
@@ -26,7 +27,7 @@
 from openhands.server.routes.public import app as public_api_router
 from openhands.server.routes.security import app as security_api_router
 from openhands.server.routes.settings import app as settings_router
-from openhands.server.shared import openhands_config, session_manager
+from openhands.server.shared import config, openhands_config, session_manager
 from openhands.utils.import_utils import get_impl
 
 
@@ -48,6 +49,9 @@ async def _lifespan(app: FastAPI):
 app.add_middleware(
     RateLimitMiddleware, rate_limiter=InMemoryRateLimiter(requests=10, seconds=1)
 )
+approved_hostnames = config.approved_hostnames
+if '*' not in config.approved_hostnames:
+    app.add_middleware(HostCheckMiddleware, approved_hostnames=set(approved_hostnames))
 
 
 @app.get('/health')

diff --git a/openhands/server/middleware.py b/openhands/server/middleware.py
@@ -166,3 +166,27 @@ async def __call__(self, request: Request, call_next: Callable):
             await self._detach_session(request)
 
         return response
+
+
+class HostCheckMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware to prevent connections with unapproved hosts.
+    """
+
+    approved_hostnames: set[str]
+
+    def __init__(self, app, approved_hostnames: set[str]):
+        super().__init__(app)
+        self.approved_hostnames = approved_hostnames
+
+    async def dispatch(self, request, call_next):
+        hostname = request.base_url.hostname
+        if hostname not in self.approved_hostnames:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content={
+                    'error': f'Unapproved host: {hostname}. To permit this host, add either "{hostname}" or "*" to core.approved_hostnames in your config.toml.'
+                },
+            )
+        response = await call_next(request)
+        return response