fix SSRF vulnerability in proxy.ts

[FKauwe]

WHY are these changes introduced?

Fixes #947

WHAT is this pull request doing?

Fixes the vulnerability by introducing a check where if the two host names don't match, the request is not executed and a 502 error is surfaced to the user.
I could have identified hosts preceded by // and then performed the matching logic or even tried to correct the incorrect host but we (I and Josh) chose to throw an error because it's simpler to do, and the alternate method of rewriting the // path would involve regexes, and we don't want to try loading these requests. This change ensures we block the request. We also chose to throw an error instead of outputWarn as this is a rare but real vulnerability and if it happens, we want the surfaced error message to be loud

Baseline behavior:

Malicious request in logs and browser:

How to test your changes?

p build (in editor terminal) on main branch
Start the dev server in an external terminal using:

When the server is running, use the t shortcut to trigger a legitimate request and see the healthy logs output
To trigger the SSRF detection, visit the malicious URL directly in your browser:
http://127.0.0.1:9292//pokeapi.co/api/v2/pokemon/gengar
and see the browser behavior change

Then switch to my branch to see the fix in action:
before testing the new build, kill the server in the external terminal ctrl-c
Then p build
Then restart the server again

Then run the malicious request again and see the new browser and log behavior:

wrote a new unittest to verify the behavior and all proxy tests pass and all storefront-renderer tests pass

[github-actions]

Coverage report

St.❔	Category	Percentage	Covered / Total
🟡	Statements	79.52% (+0.29% 🔼)	14340/18033
🟡	Branches	73.72% (+0.62% 🔼)	7079/9602
🟡	Functions	79.64% (+0.27% 🔼)	3665/4602
🟡	Lines	79.88% (+0.3% 🔼)	13557/16971

Show new covered files 🐣

St.❔	File	Statements	Branches	Functions	Lines
🟢	... / admin-as-app.ts	100%	100%	100%	100%
🟢	... / metafield_definitions.ts	100%	100%	100%	100%
🟢	... / metaobject_definitions.ts	100%	100%	100%	100%
🟢	... / bulk-operation-cancel.ts	100%	100%	100%	100%
🟢	... / bulk-operation-run-mutation.ts	100%	100%	100%	100%
🟢	... / bulk-operation-run-query.ts	100%	100%	100%	100%
🟢	... / get-bulk-operation-by-id.ts	100%	100%	100%	100%
🟢	... / list-bulk-operations.ts	100%	100%	100%	100%
🟢	... / staged-uploads-create.ts	100%	100%	100%	100%
🟢	... / fetch_store_by_domain.ts	100%	100%	100%	100%
🔴	... / import-custom-data-definitions.ts	0%	100%	0%	0%
🔴	... / cancel.ts	0%	100%	0%	0%
🔴	... / execute.ts	0%	0%	0%	0%
🔴	... / status.ts	0%	0%	0%	0%
🔴	... / pull.ts	0%	100%	0%	0%
🟡	... / execute-operation.ts	75%	50%	100%	75%
🔴	... / pull.ts	0%	0%	0%	0%
🟢	... / bulk-operation-status.ts	96.55%	92.11%	100%	100%
🟢	... / cancel-bulk-operation.ts	100%	100%	100%	100%
🟢	... / constants.ts	100%	100%	100%	100%
🟢	... / download-bulk-operation-results.ts	100%	100%	100%	100%
🟢	... / execute-bulk-operation.ts	92.06%	86.05%	100%	93.55%
🟢	... / format-bulk-operation-status.ts	100%	100%	100%	100%
🟢	... / run-mutation.ts	100%	100%	100%	100%
🟢	... / run-query.ts	100%	100%	100%	100%
🟡	... / stage-file.ts	73.53%	62.5%	85.71%	72.73%
🟢	... / watch-bulk-operation.ts	100%	94.74%	100%	100%
🟢	... / declarative-definitions.ts	98.54%	93.18%	100%	98.51%
🟢	... / common.ts	97.62%	95%	100%	97.06%
🟢	... / execute-command-helpers.ts	100%	100%	100%	100%
🟢	... / file-formatter.ts	100%	100%	100%	100%
🔴	... / promiseWithResolvers.ts	33.33%	50%	50%	33.33%

Show files with reduced coverage 🔻

St.❔	File	Statements	Branches	Functions	Lines
🔴	... / execute.ts	0%	0% (-100% 🔻)	0%	0%
🟢	... / loader.ts	94.06% (+0.2% 🔼)	86.41% (-0.42% 🔻)	97.17% (+0.11% 🔼)	94.85% (+0.18% 🔼)
🟢	... / extension-instance.ts	84.8% (+0.23% 🔼)	77.6% (-0.91% 🔻)	92.06% (+0.13% 🔼)	85.11% (+0.24% 🔼)
🟡	... / specification.ts	69.64% (+0.55% 🔼)	75.61% (+2.44% 🔼)	76.47% (-1.31% 🔻)	69.39% (+0.64% 🔼)
🟢	... / ui_extension.ts	87.9% (-6.93% 🔻)	77.19% (-4.06% 🔻)	85.19% (-14.81% 🔻)	90.07% (-6.39% 🔻)
🟢	... / store-context.ts	100%	82.35% (-0.98% 🔻)	100%	100%
🟢	... / Logs.tsx	90%	90.91% (-5.97% 🔻)	100%	90%
🟢	... / fetch.ts	84.21% (+0.88% 🔼)	82.35% (-0.98% 🔻)	75%	85.29% (+1.42% 🔼)
🟢	... / app-event-watcher-handler.ts	86.36% (-4.11% 🔻)	75%	86.67%	85.71% (-5.19% 🔻)
🟢	... / bundle.ts	93.22%	63.33% (-3.33% 🔻)	94.12% (+5.88% 🔼)	96.3%
🟢	... / developer-platform-client.ts	84.62% (-1.5% 🔻)	71.43% (+0.84% 🔼)	81.82% (+1.82% 🔼)	93.75% (+0.42% 🔼)
🔴	... / http-reverse-proxy.ts	58.97% (-4.91% 🔻)	37.04% (-2.96% 🔻)	58.33% (-5.3% 🔻)	59.46% (-5.25% 🔻)
🔴	... / app-management-client.ts	53.69% (-0.16% 🔻)	47.47%	50% (-0.45% 🔻)	52.53% (-0.17% 🔻)
🟢	... / api.ts	87.07% (-0.43% 🔻)	76.71% (-0.1% 🔻)	100%	86.49% (-0.43% 🔻)
🟢	... / SingleTask.tsx	84.21% (-15.79% 🔻)	50% (-50% 🔻)	80% (-20% 🔻)	84.21% (-15.79% 🔻)
🔴	... / environment.ts	35% (-5% 🔻)	41.18%	40% (-10% 🔻)	36.84% (-5.26% 🔻)
🔴	... / ui.tsx	50.82% (-0.79% 🔻)	42.86% (-5.53% 🔻)	54.55% (+1.42% 🔼)	50% (-0.82% 🔻)
🟢	... / console.ts	81.82% (+15.15% 🔼)	75% (-25% 🔻)	100% (+33.33% 🔼)	81.82% (+15.15% 🔼)
🟢	... / init.ts	88% (-0.89% 🔻)	71.43% (+4.76% 🔼)	86.67% (+4.85% 🔼)	88% (-0.89% 🔻)
🟢	... / storefront-renderer.ts	90.2% (-0.54% 🔻)	78.95%	81.82% (-1.52% 🔻)	90.2% (-0.54% 🔻)
🟡	... / theme-polling.ts	67.12% (-0.93% 🔻)	68.75%	78.57%	66.67% (-0.98% 🔻)

Test suite run success

3657 tests passing in 1429 suites.

Report generated by 🧪jest coverage report action from d526b32

[EvilGenius13]

We can remove the newline here 😄 (prob left over from logging)