Support allowed hosts for webhook to work with proxy (#27655) (#27674) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	Giteabot <teabot@gitea.io>	2023-10-18 21:07:20 +0800
committer	GitHub <noreply@github.com>	2023-10-18 15:07:20 +0200
commit	ca4418eff12d92a4da29bba4331451bf6cd0b620 (patch)
tree	ca00e6c5ce55ba1c0eb3c78f0680cae27ca537f1 /routers/api/v1/api.go
parent	80c0c8815203128703eae741e712289393458687 (diff)
download	gitea-ca4418eff12d92a4da29bba4331451bf6cd0b620.tar.gz gitea-ca4418eff12d92a4da29bba4331451bf6cd0b620.zip

Support allowed hosts for webhook to work with proxy (#27655) (#27674)

Backport #27655 by @wolfogre When `webhook.PROXY_URL` has been set, the old code will check if the proxy host is in `ALLOWED_HOST_LIST` or reject requests through the proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`. However, it actually allows all requests to any port on the host, when the proxy host is probably an internal address. But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work when requests are sent to the allowed proxy, and the proxy could forward them to any hosts. This PR fixes it by: - If the proxy has been set, always allow connectioins to the host and port. - Check `ALLOWED_HOST_LIST` before forwarding. Co-authored-by: Jason Song <i@wolfogre.com>

Diffstat (limited to 'routers/api/v1/api.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: