forked from gitea/gitea
1
0
Fork 0
gitea/services
Giteabot dab40cd5f4
Support allowed hosts for webhook to work with proxy (#27655) (#27675)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:52 +02:00
..
actions Make Actions tasks/jobs timeouts configurable by the user (#27400) (#27402) 2023-10-03 10:26:35 +08:00
agit Move notification interface to services layer (#26915) 2023-09-05 18:37:47 +00:00
asymkey Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
attachment move repository deletion to service layer (#26948) 2023-09-08 04:51:15 +00:00
auth Fix attachment download bug (#27486) (#27571) 2023-10-11 04:39:12 +02:00
automerge Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
context Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
convert Fix attachment download bug (#27486) (#27571) 2023-10-11 04:39:12 +02:00
cron Improve retrying index issues (#27554) (#27634) 2023-10-16 09:55:53 +08:00
externalaccount More `db.DefaultContext` refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
feed More `db.DefaultContext` refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
forms Check blocklist for emails when adding them to account (#26812) 2023-08-30 10:46:49 -05:00
gitdiff Fix successful return value for `SyncAndGetUserSpecificDiff` (#27152) 2023-09-20 22:28:17 +02:00
indexer Improve retrying index issues (#27554) (#27634) 2023-10-16 09:55:53 +08:00
issue Avoid run change title process when the title is same (#27467) (#27558) 2023-10-10 09:01:46 +02:00
lfs Bump github.com/golang-jwt/jwt to v5 (#25975) 2023-07-19 09:57:10 +00:00
mailer Next round of `db.DefaultContext` refactor (#27089) 2023-09-16 14:39:12 +00:00
markup Move web/api context related testing function into a separate package (#26859) 2023-09-01 11:26:07 +00:00
migrations More `db.DefaultContext` refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
mirror More `db.DefaultContext` refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
notify Update status and code index after changing the default branch (#27018) 2023-09-13 04:43:31 +00:00
org More refactoring of `db.DefaultContext` (#27083) 2023-09-15 06:13:19 +00:00
packages Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
pull Fix poster is not loaded in get default merge message (#27657) (#27666) 2023-10-17 18:20:35 +02:00
release Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
repository Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
secrets Refactor secrets modification logic (#26873) 2023-09-05 15:21:02 +00:00
task Next round of `db.DefaultContext` refactor (#27089) 2023-09-16 14:39:12 +00:00
uinotification More `db.DefaultContext` refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
user Another round of `db.DefaultContext` refactor (#27103) (#27262) 2023-09-25 19:24:35 +02:00
webhook Support allowed hosts for webhook to work with proxy (#27655) (#27675) 2023-10-18 15:07:52 +02:00
wiki Fix incorrect test code for error handling (#27139) 2023-09-20 08:51:36 +08:00