fix: validate Host/Origin headers in magic proxy and InspectorProxyWorker

[mrbbot]

What this PR solves / how to test:

Host and Origin headers are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail. To test this, host DevTools on a different networked computer, and try to connect to the local wrangler dev server from that. The request should fail. Connecting from the hosted devtools and local devtools should succeed. Miniflare's test suite should succeed too.

Author has addressed the following:

• Tests
  • Included
  • Not necessary because:
• Changeset (Changeset guidelines)
  • Included
  • Not necessary because:
• Associated docs
  • Issue(s)/PR(s):
  • Not necessary because: this shouldn't affect regular use

Note for PR author:

We want to celebrate and highlight awesome PR review! If you think this PR received a particularly high-caliber review, please assign it the label highlight pr review so future reviewers can take inspiration and learn from it.

[changeset-bot]

🦋 Changeset detected

Latest commit: e349ba8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
miniflare	Patch
wrangler	Patch
@cloudflare/pages-shared	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

A wrangler prerelease is available for testing. You can install this latest build in your project with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-wrangler-4550

You can reference the automatically updated head of this PR with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/7104924584/npm-package-wrangler-4550

Or you can use npx with this latest build directly:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-wrangler-4550 dev path/to/script.js

Additional artifacts:

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-miniflare-4550

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-cloudflare-pages-shared-4550

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-create-cloudflare-4550

Note that these links will no longer work once the GitHub Actions artifact expires.

---

wrangler@3.18.0 includes the following runtime dependencies:

Package	Constraint	Resolved
miniflare	workspace:*	3.20231030.2
workerd	1.20231030.0	1.20231030.0
workerd --version	1.20231030.0	2023-10-30

|

Please ensure constraints are pinned, and miniflare/workerd minor versions match.

[codecov]

Codecov Report

Merging #4550 (e349ba8) into main (71fb0b8) will increase coverage by 0.01%.
Report is 1 commits behind head on main.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4550      +/-   ##
==========================================
+ Coverage   75.44%   75.46%   +0.01%     
==========================================
  Files         240      240              
  Lines       12854    12855       +1     
  Branches     3312     3313       +1     
==========================================
+ Hits         9698     9701       +3     
+ Misses       3156     3154       -2     

Files	Coverage Δ
...wrangler/src/api/startDevWorker/ProxyController.ts	61.32% <ø> (ø)

... and 7 files with indirect coverage changes

[petebacondarwin]

Is this not possible to write automated tests for?