From a15261b3b3015667fb6d5151391b2d28d05fc7c4 Mon Sep 17 00:00:00 2001
From: Dan Stillman
Date: Mon, 26 Jun 2017 19:01:57 -0400
Subject: [PATCH] Don't enforce Host header in translation server
Fixes #1251
Fixes zotero/translation-server#48
---
 chrome/content/zotero/xpcom/server.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/chrome/content/zotero/xpcom/server.js b/chrome/content/zotero/xpcom/server.js
index bf0c3b79c8..076c09ca34 100755
--- a/chrome/content/zotero/xpcom/server.js
+++ b/chrome/content/zotero/xpcom/server.js
@@ -250,12 +250,12 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
 var m = bookmarkletRe.exec(this.header);
 if(m) this.origin = "https://www.zotero.org";
 }
- }
-
- // Make sure the Host header is set to 127.0.0.1 to prevent DNS rebinding attacks
- if (!hostRe.exec(this.header)) {
- this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
- return;
+
+ // Make sure the Host header is set to localhost/127.0.0.1 to prevent DNS rebinding attacks
+ if (!hostRe.exec(this.header)) {
+ this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
+ return;
+ }
 }
 // get first line of request
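Review bot: With the Host check moved inside the preceding block, any request that skips that block now gets no Host validation at all, so the DNS-rebinding defence depends entirely on a condition that opens outside this hunk (presumably the non-server branch, going by the commit title). In translation-server mode that is only safe if the listener is never reachable from a browser on the same host or network; an allow-list of expected Host values taken from configuration would keep the protection instead of dropping it. At minimum I would record the assumption next to the check, e.g. `// Not enforced in translation-server mode: deployments must restrict access themselves (bind address, firewall or reverse proxy)`. The comment now says localhost/127.0.0.1 while `hostRe` is defined outside the hunk, so it is worth confirming that the pattern accepts both names and is anchored to the start of a header line rather than matching anywhere in `this.header`.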