mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-28 01:04:16 +01:00
4e98224a45
When `webhook.PROXY_URL` has been set, the old code will check if the proxy host is in `ALLOWED_HOST_LIST` or reject requests through the proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`. However, it actually allows all requests to any port on the host, when the proxy host is probably an internal address. But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work when requests are sent to the allowed proxy, and the proxy could forward them to any hosts. This PR fixes it by: - If the proxy has been set, always allow connectioins to the host and port. - Check `ALLOWED_HOST_LIST` before forwarding. |
||
---|---|---|
.. | ||
actions | ||
activitypub | ||
analyze | ||
assetfs | ||
auth | ||
avatar | ||
base | ||
cache | ||
charset | ||
container | ||
context | ||
contexttest | ||
csv | ||
doctor | ||
emoji | ||
eventsource | ||
generate | ||
git | ||
gitgraph | ||
graceful | ||
hcaptcha | ||
highlight | ||
hostmatcher | ||
html | ||
httpcache | ||
httplib | ||
indexer | ||
issue/template | ||
json | ||
label | ||
lfs | ||
log | ||
markup | ||
mcaptcha | ||
metrics | ||
migration | ||
nosql | ||
options | ||
packages | ||
paginator | ||
pprof | ||
private | ||
process | ||
proxy | ||
proxyprotocol | ||
public | ||
queue | ||
recaptcha | ||
references | ||
regexplru | ||
repository | ||
secret | ||
session | ||
setting | ||
sitemap | ||
ssh | ||
storage | ||
structs | ||
svg | ||
sync | ||
system | ||
templates | ||
test | ||
testlogger | ||
timeutil | ||
translation | ||
turnstile | ||
typesniffer | ||
updatechecker | ||
upload | ||
uri | ||
user | ||
util | ||
validation | ||
web | ||
webhook |