docs: Add example config for Vite security update

nystudio107 · Jan 23, 2025 · 2db8d47 · 2db8d47
1 parent 8964c31
commit 2db8d47
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/docs/index.md b/docs/docs/index.md
@@ -185,16 +185,25 @@ export default ({command}) => ({
     },
   },
   server: {
+    // Allow cross-origin requests -- https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6
+    allowedHosts: true,
+    cors: true,
     fs: {
       strict: false
     },
+    headers: {
+      "Access-Control-Allow-Private-Network": "true",
+    },
+    host: '0.0.0.0',
     origin: 'http://localhost:3000',
     port: 3000,
     strictPort: true,
   }
 });
 ```
 
+If you're using Chrome, are _not_ using `https` are _also_ using `localhost` for your Vite dev server, you may also need to disable the `chrome://flags/#block-insecure-private-network-requests` flag to allow HMR to work as expected.
+
 #### Modern + Legacy Config
 
 By default, Vite generates JavaScript bundles that work with modern browsers that