From a4e91c4197483c94f13e623c962b6b011494e949 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 17 Aug 2022 08:15:54 +0800
Subject: Add proxy host into allow list (#20798)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
---
 modules/hostmatcher/hostmatcher.go | 5 +++++
 services/migrations/migrate.go     | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/modules/hostmatcher/hostmatcher.go b/modules/hostmatcher/hostmatcher.go
index 81c4202fcd..a092e07f41 100644
--- a/modules/hostmatcher/hostmatcher.go
+++ b/modules/hostmatcher/hostmatcher.go
@@ -78,6 +78,11 @@ func (hl *HostMatchList) AppendBuiltin(builtin string) {
 	hl.builtins = append(hl.builtins, builtin)
 }
 
+// AppendPattern appends more pattern to match
+func (hl *HostMatchList) AppendPattern(pattern string) {
+	hl.patterns = append(hl.patterns, pattern)
+}
+
 // IsEmpty checks if the checklist is empty
 func (hl *HostMatchList) IsEmpty() bool {
 	return hl == nil || (len(hl.builtins) == 0 && len(hl.patterns) == 0 && len(hl.ipNets) == 0)
diff --git a/services/migrations/migrate.go b/services/migrations/migrate.go
index f2542173a0..9460c66dbc 100644
--- a/services/migrations/migrate.go
+++ b/services/migrations/migrate.go
@@ -479,5 +479,10 @@ func Init() error {
 	}
 	// TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed.
 	// if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false
+
+	if setting.Proxy.Enabled && setting.Proxy.ProxyURLFixed != nil {
+		allowList.AppendPattern(setting.Proxy.ProxyURLFixed.Host)
+	}
+
 	return nil
 }
-- 
cgit v1.2.3