From 8c0d6c718dde27c434b3062261a328016101f43e Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sat, 18 Aug 2018 04:40:26 -0600
Subject: [PATCH] rely on built-in security checks

---
 examples/vhost.js | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/examples/vhost.js b/examples/vhost.js
index 9ac1fe9..cccd272 100644
--- a/examples/vhost.js
+++ b/examples/vhost.js
@@ -14,10 +14,9 @@ var finalhandler = require('finalhandler');
 var serveStatic = require('serve-static');
 var path = require('path');
 // Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
-var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
-//require('greenlock-express')
-require('../').create({
+//var glx = require('greenlock-express')
+var glx = require('../').create({
   // Let's Encrypt v2 is ACME draft 11
   version: 'draft-11'
@@ -69,14 +68,9 @@ require('../').create({
 , configDir: '~/.config/acme/'
 , app: function (req, res) {
+    // SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access
     console.log(req.headers.host);
-    var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
-    // SECURITY sanatize hostname to prevent unauthorized fs access
-    if (!hostnameRe.test(hostname)) {
-      res.statusCode = 404;
-      res.end('Bad Hostname');
-      return;
-    }
+    var hostname = req.headers.host;
     var serve = serveStatic(path.join(srv, hostname), { redirect: true });
     serve(req, res, finalhandler(req, res));
@@ -87,4 +81,6 @@ require('../').create({
   //, debug: true
-}).listen(80, 443);
+});
+
+var server = glx.listen(80, 443);
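Review bot: The context line `// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only` in the first hunk now describes `hostnameRe`, which this hunk deletes, so it is left documenting nothing and will mislead the next reader into thinking the example still enforces that character set. Either drop the comment along with the regex or reword it to state where the validation now happens, e.g. `// Hostname validation is delegated to greenlock (see the app handler below)`. The same point applies to the `app` handler in the second hunk, where the retained `hostnameRe` reference is gone but the security expectation is only stated in a comment.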
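Review bot: The new line `var hostname = req.headers.host;` passes the raw Host header into `path.join(srv, hostname)` with no local check, so the example's only defence against a crafted Host header reaching the filesystem path is the upstream sanitisation the added comment asserts, which is not visible in this hunk and cannot be confirmed from it. The removed line also lowercased the value and stripped any `:port` suffix and defaulted a missing header to `''`; the replacement does none of that, so a request with `Host: example.com:8443` resolves to a different directory than before and a request with no Host header makes `path.join` throw on `undefined` inside the handler. Even if greenlock does validate the hostname, keeping a cheap local guard here is the normal defence-in-depth for an example people copy, and it restores the port/case handling. The `app` function's enclosing `create({...})` call starts and ends outside this hunk.
```javascript
, app: function (req, res) {
    // SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access
    // Normalize the Host header anyway: drop any :port, lowercase, and refuse
    // anything that is not a plain dotted hostname before it touches the fs path.
    var hostname = (req.headers.host || '').toLowerCase().split(':')[0];
    if (!/^[a-z0-9_\-]+(\.[a-z0-9_\-]+)*\.[a-z]+$/.test(hostname)) {
      res.statusCode = 404;
      res.end('Bad Hostname');
      return;
    }
    // … unchanged: serveStatic(path.join(srv, hostname), …) and finalhandler …
```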