mirror of
https://github.com/go-gitea/gitea
synced 2024-11-21 21:41:10 +01:00
Backport #32025 by @wolfogre Fix #32024. Follow #27655. After this PR, all usage of "new dial context" needs to provide a proxy, so I dropped the old `NewDialContext` and renamed `NewDialContextWithProxy` to `NewDialContext`. Co-authored-by: Jason Song <i@wolfogre.com>
This commit is contained in:
parent
54d828f8ec
commit
0629c08a6d
4 changed files with 3 additions and 11 deletions
|
@ -13,11 +13,7 @@ import (
|
|||
)
|
||||
|
||||
// NewDialContext returns a DialContext for Transport, the DialContext will do allow/block list check
|
||||
func NewDialContext(usage string, allowList, blockList *HostMatchList) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
return NewDialContextWithProxy(usage, allowList, blockList, nil)
|
||||
}
|
||||
|
||||
func NewDialContextWithProxy(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
func NewDialContext(usage string, allowList, blockList *HostMatchList, proxy *url.URL) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
// How Go HTTP Client works with redirection:
|
||||
// transport.RoundTrip URL=http://domain.com, Host=domain.com
|
||||
// transport.DialContext addrOrHost=domain.com:80
|
||||
|
|
|
@ -24,6 +24,6 @@ func NewMigrationHTTPTransport() *http.Transport {
|
|||
return &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Migrations.SkipTLSVerify},
|
||||
Proxy: proxy.Proxy(),
|
||||
DialContext: hostmatcher.NewDialContext("migration", allowList, blockList),
|
||||
DialContext: hostmatcher.NewDialContext("migration", allowList, blockList, setting.Proxy.ProxyURLFixed),
|
||||
}
|
||||
}
|
||||
|
|
|
@ -499,9 +499,5 @@ func Init() error {
|
|||
// TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed.
|
||||
// if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false
|
||||
|
||||
if setting.Proxy.Enabled && setting.Proxy.ProxyURLFixed != nil {
|
||||
allowList.AppendPattern(setting.Proxy.ProxyURLFixed.Host)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -303,7 +303,7 @@ func Init() error {
|
|||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify},
|
||||
Proxy: webhookProxy(allowedHostMatcher),
|
||||
DialContext: hostmatcher.NewDialContextWithProxy("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
|
||||
DialContext: hostmatcher.NewDialContext("webhook", allowedHostMatcher, nil, setting.Webhook.ProxyURLFixed),
|
||||
},
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue