Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Storybook not accessible from local hostname after Vite 6 upgrade #30338

Open
TimonVS opened this issue Jan 22, 2025 · 2 comments
Open

Comments

@TimonVS
Copy link

TimonVS commented Jan 22, 2025

Describe the bug

After upgrading from Vite 5 to Vite 6, Storybook is no longer accessible via local hostname (e.g., timon-work.local) configured in macOS System Settings > Sharing. Despite setting the --host flag to 0.0.0.0 in the dev script, accessing Storybook through the local hostname results in 403 Forbidden errors:

Image

Setting allowedHosts in vite.config.ts doesn't resolve the issue. However, configuring it in .storybook/main.ts within the viteFinal function does work:

const config: StorybookConfig = {
  // ... snip
  viteFinal: (config) => {
    config.server ??= {};
    console.log(config.server);
    // Allow Storybook to be accessed from any host in development mode
    // config.server.allowedHosts = process.env.NODE_ENV === 'development' ? true : config.server.allowedHosts;
    return config;
  },
};

I've managed to reproduce this with a clean Storybook setup (npx storybook@latest init).

Reproduction link

https://github.com/TimonVS/storybook-hostname-reproduction

Reproduction steps

  1. Create a Storybook project (npx storybook@latest init)
  2. Setup a local hostname on macOS (System Settings > Sharing)
  3. Add --host 0.0.0.0 flag to storybook script

System

Storybook Environment Info:

  System:
    OS: macOS 15.1
    CPU: (12) arm64 Apple M3 Pro
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 22.6.0 - ~/.local/share/mise/installs/node/22/bin/node
    npm: 10.8.2 - ~/.local/share/mise/installs/node/22/bin/npm
    pnpm: 9.15.0 - ~/Library/pnpm/pnpm <----- active
  Browsers:
    Chrome: 131.0.6778.265
    Safari: 18.1

Additional context

No response

@JSMike
Copy link
Contributor

JSMike commented Jan 23, 2025

This is also happening for me on vite 5.4.14 (released 2 days ago, as did the latest 6.x). Downgrading to 5.4.11 temporarily resolved the issue. I haven't yet confirmed exactly which version it starts to break.

@shilman
Copy link
Member

shilman commented Jan 24, 2025

Must be this one GHSA-vg6x-rcgg-rjx6

The security description contains a workaround for user configuration, and perhaps this needs to be added to the Storybook documentation. But if anybody can figure out a proper fix in Storybook that would also be much appreciated!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Needs Discussion
Development

No branches or pull requests

4 participants