From 7e010898f5d8505597994b4ed47099e492067b8e Mon Sep 17 00:00:00 2001
From: chupaohong
Date: Fri, 10 Apr 2026 19:15:07 +0700
Subject: [PATCH] fix: reject port in host header to prevent SSR SSRF bypass
---
 packages/angular/ssr/src/utils/validation.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/angular/ssr/src/utils/validation.ts b/packages/angular/ssr/src/utils/validation.ts
index e8af64ed9943..0b195e43a8be 100644
--- a/packages/angular/ssr/src/utils/validation.ts
+++ b/packages/angular/ssr/src/utils/validation.ts
@@ -224,7 +224,12 @@ function verifyHostAllowed(
 throw new Error(`Header "${headerName}" contains an invalid value and cannot be parsed.`);
 }
- const { hostname } = new URL(url);
+ const { hostname, port } = new URL(url);
+ if (port) {
+ throw new Error(
+ `Header "${headerName}" with value "${value}" contains a port and is not allowed.`,
+ );
+ }
 if (!isHostAllowed(hostname, allowedHosts)) {
 throw new Error(`Header "${headerName}" with value "${value}" is not allowed.`);
 }
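Review bot: The new `if (port)` guard tests the port after WHATWG URL normalization, and `URL.port` is the empty string whenever the port equals the scheme's default, so a header value carrying that default port (`:80` if `url` is built with `http:`) still passes as port-less. If the intent is to refuse any port in the header, test the raw value as well, for example `if (port || /:\d*$/.test(value)) {`, which also catches a trailing empty `:` while leaving a bracketed IPv6 literal alone. Separately, a blanket rejection will refuse requests whose `Host` legitimately names a non-default port (a constructed example: `app.example.test:8080`), assuming this function runs on `Host` as the subject line suggests; checking the port against an allowlist may be the safer contract. The construction of `url` and the start of `verifyHostAllowed` are outside the hunk, and the patch adds no spec for the ported, default-port and IPv6 cases.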