Support mobile app local development access from devices over nip.io (wildcard DNS) #2293
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
config/environments/development.rb
Dismissed
| /fizzy-\d+/, # review apps: fizzy-123, fizzy-456:3000 | ||
| /.*\.ts\.net/ # tailscale serve: hostname.tail1234.ts.net | ||
| /fizzy-\d+/, # review apps: fizzy-123, fizzy-456:3000 | ||
| /.*\.ts\.net/, # tailscale serve: hostname.tail1234.ts.net |
Check failure
Code scanning / CodeQL
Missing regular expression anchor High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 days ago
In general, to fix missing-anchor issues, change regexes so they match the entire intended value rather than any substring, using \A and \z (or ^ and $ only when line-based behavior is explicitly desired). For hostnames, you usually want “host ends with .example.com” or similar, not “string contains .example.com somewhere”.
Here, config.hosts should allow any host under the ts.net domain. The simplest, least-disruptive fix is to replace /.*\.ts\.net/ with an anchored pattern that still allows any subdomain but ensures .ts.net is at the end of the host (ignoring an optional port). For example:
- Use
\Aand\zto anchor the whole host string. - Permit an optional
:<port>after the hostname to match how Rails may include ports inconfig.hosts. - Keep the comment semantics (“hostname.tail1234.ts.net”) intact.
A robust replacement is:
/\A.*\.ts\.net(?::\d+)?\z/This matches any string that:
- Starts with anything ending in
.ts.net - Optionally has
:PORTafter it - Has no trailing extra characters.
Concretely, in config/environments/development.rb, line 93 should be changed from /.*\.ts\.net/ to /\A.*\.ts\.net(?::\d+)?\z/. No new imports or methods are needed; it’s a direct regex literal change.
| @@ -89,9 +89,9 @@ | ||
| "fizzy.localhost", | ||
| "localhost", | ||
| "127.0.0.1", | ||
| /fizzy-\d+/, # review apps: fizzy-123, fizzy-456:3000 | ||
| /.*\.ts\.net/, # tailscale serve: hostname.tail1234.ts.net | ||
| /.*\.nip\.io/ # nip.io for mobile apps | ||
| /fizzy-\d+/, # review apps: fizzy-123, fizzy-456:3000 | ||
| /\A.*\.ts\.net(?::\d+)?\z/, # tailscale serve: hostname.tail1234.ts.net | ||
| /.*\.nip\.io/ # nip.io for mobile apps | ||
| ] | ||
|
|
||
| # Canonical host for mailer URLs (emails always link here, not personal Tailscale URLs) |
There was a problem hiding this comment.
Rails add the anchors, confusingly.
To support mobile devices pointed to a local development machine, this:
0.0.0.0for nip.io supportThis change depends on #2291 for non-secure write requests.