fedi/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-23 06:38:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
forgejo/services
History
Giteabot ca4418eff1
Support allowed hosts for webhook to work with proxy (#27655) (#27674) 
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:20 +02:00
..
actions Fix pull request check list is limited (#26179) (#26245) 2023-07-31 08:56:46 +00:00
agit Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
asymkey
attachment
auth Fix attachment download bug (#27486) (#27570) 2023-10-11 04:38:50 +02:00
automerge Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
context Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
convert Fix attachment download bug (#27486) (#27570) 2023-10-11 04:38:50 +02:00
cron Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
externalaccount Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
forms check blocklist for emails when adding them to account (#26812) (#26831) 2023-08-31 00:52:19 +00:00
gitdiff Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156) 2023-09-21 00:58:13 +02:00
issue Avoid run change title process when the title is same (#27467) (#27557) 2023-10-10 09:01:24 +02:00
lfs Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mailer Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
markup
migrations Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mirror Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
org Refactor rename user and rename organization (#24052) 2023-05-21 23:13:47 +08:00
packages Prevent newline errors with Debian packages (#26332) (#26342) 2023-08-05 11:41:30 +02:00
pull Fix poster is not loaded in get default merge message (#27657) (#27665) 2023-10-17 18:20:23 +02:00
release Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
repository Sync tags when adopting repos (#26816) (#26834) 2023-08-31 02:15:28 +00:00
task Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
user fix incorrect repo url when changed the case of ownername (#25733) (#25881) 2023-07-15 19:47:24 +02:00
webhook Support allowed hosts for webhook to work with proxy (#27655) (#27674) 2023-10-18 15:07:20 +02:00
wiki services/wiki: Close() after error handling (#27129) (#27137) 2023-09-19 15:13:23 +00:00