AngularAppEngine • Angular
Handles an incoming HTTP request by serving prerendered content, performing server-side rendering,
or delivering a static file for client-side rendered routes based on the RenderMode setting.
@paramrequestRequest
- The HTTP request to handle.
@paramrequestContextunknown
- Optional context for rendering, such as metadata associated with the request.
@returnsPromise<Response | null>
Usage notes
A request to https://www.example.com/page/index.html will serve or render the Angular route
corresponding to https://www.example.com/page.
To prevent potential Server-Side Request Forgery (SSRF), this function verifies the hostname
of the request.url against a list of authorized hosts.
If the hostname is not recognized and allowedHosts is not empty, a Client-Side Rendered (CSR) version of the
page is returned otherwise a 400 Bad Request is returned.
Resolution:
Authorize your hostname by configuring allowedHosts in angular.json in:
projects.[project-name].architect.build.options.security.allowedHosts.
Alternatively, you pass it directly through the configuration options of AngularAppEngine.
For more information see: https://angular.dev/best-practices/security#preventing-server-side-request-forgery-ssrf