
Host header check #758

@plynchnlm

Description

What's the problem this feature will solve?

Defend against DNS rebinding attacks (https://en.wikipedia.org/wiki/DNS_rebinding).

Describe the solution you'd like

Add a new option for specifying the permitted value of the Host HTTP header (i.e. the hostname of the server to which the
request is sent).

A key part of the DNS rebinding attack is that the user's browser will be sending a request to an internal server with an invalid Host header for that server, i.e., the Host header's value is not a real DNS name for the IP address on which the server is running. If the server checks the Host header against the value provided in the new option, the attack fails. For an example of a server that does this, see https://angular.io/cli/serve and its "--host" option.

Alternative Solutions

I don't see any other solution other than to use a different package.

Additional context

Note that DNS rebinding is an issue even when running the server on a development machine behind a firewall. Anyone who has access to the development machine's server who also browses to a malicious website can open up access to that development server.
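The check described above, as an added example that is not part of the original issue or the project it was filed against: a Host header allow-list in front of Python's standard `http.server`. The names `ALLOWED_HOSTS`, `parse_host_header`, `host_allowed` and `HostCheckingHandler` are assumptions for illustration, and the allowed hostnames are constructed sample values. It goes slightly beyond the issue text by also normalising case, handling `host:port` and bracketed IPv6 literals, and rejecting malformed values, which are the cases a dev server sees in practice.

```python
"""Host header allow-list check for a local development server.

Added example, not the project's own code. It implements the check the
issue requests: a request whose Host header does not name this server
(as a DNS-rebinding page's request would) gets a 400 instead of content.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hostnames the operator permits for this server (constructed sample values;
# a real server would take these from the new option the issue proposes).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]", "dev.example.test"}


def parse_host_header(value):
    """Return (hostname, port) from a Host header value, or (None, None) if malformed.

    urlsplit is reused so that case is folded and IPv6 literals such as
    "[::1]:8080" are split the same way a browser produces them.
    """
    if value is None:
        return None, None
    value = value.strip()
    if not value:
        return None, None
    try:
        parts = urlsplit("//" + value)
        hostname = parts.hostname  # lower-cased; brackets stripped for IPv6
        port = parts.port          # None when absent; ValueError if not numeric
    except ValueError:
        return None, None
    # A Host header carries no path, query or fragment; anything else is bogus.
    if not hostname or parts.path or parts.query or parts.fragment:
        return None, None
    if ":" in hostname:  # IPv6 literal: normalise back to the bracketed form
        hostname = "[" + hostname + "]"
    return hostname, port


def host_allowed(value, allowed_hosts=ALLOWED_HOSTS, expected_port=None):
    """True only if the Host header names a permitted host.

    If expected_port is given and the header carries an explicit port, the
    port must match too. A header without a port is accepted, because
    browsers omit the port for the default 80/443.
    """
    hostname, port = parse_host_header(value)
    if hostname is None or hostname not in allowed_hosts:
        return False
    if expected_port is not None and port is not None and port != expected_port:
        return False
    return True


class HostCheckingHandler(BaseHTTPRequestHandler):
    """Minimal handler that refuses requests with an unexpected Host header."""

    def do_GET(self):
        if not host_allowed(self.headers.get("Host"),
                            expected_port=self.server.server_port):
            # Rebinding requests arrive with the attacker's hostname in Host.
            self.send_error(400, "Invalid Host header")
            return
        body = b"hello from the dev server\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Bind to loopback only; the Host check is the second layer of defence.
    HTTPServer(("127.0.0.1", 8000), HostCheckingHandler).serve_forever()
```

Run it and `curl -H 'Host: attacker.example' http://127.0.0.1:8000/` returns 400 while `curl http://localhost:8000/` (whose Host is `localhost:8000`) returns the body. Matching only the hostname, and the port only when one is explicitly present, keeps the check strict without breaking the default-port case.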
