mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-25 06:25:31 +00:00
d6798ae015
Backport #27655 by @wolfogre
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit
|
||
---|---|---|
.. | ||
deliver.go | ||
deliver_test.go | ||
dingtalk.go | ||
dingtalk_test.go | ||
discord.go | ||
discord_test.go | ||
feishu.go | ||
feishu_test.go | ||
general.go | ||
general_test.go | ||
main_test.go | ||
matrix.go | ||
matrix_test.go | ||
msteams.go | ||
msteams_test.go | ||
notifier.go | ||
packagist.go | ||
packagist_test.go | ||
payloader.go | ||
slack.go | ||
slack_test.go | ||
telegram.go | ||
telegram_test.go | ||
webhook.go | ||
webhook_test.go | ||
wechatwork.go |