forked from gitea/gitea
ca4418eff1
Backport #27655 by @wolfogre When `webhook.PROXY_URL` has been set, the old code will check if the proxy host is in `ALLOWED_HOST_LIST` or reject requests through the proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`. However, it actually allows all requests to any port on the host, when the proxy host is probably an internal address. But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work when requests are sent to the allowed proxy, and the proxy could forward them to any hosts. This PR fixes it by: - If the proxy has been set, always allow connectioins to the host and port. - Check `ALLOWED_HOST_LIST` before forwarding. Co-authored-by: Jason Song <i@wolfogre.com> |
||
---|---|---|
.. | ||
deliver.go | ||
deliver_test.go | ||
dingtalk.go | ||
dingtalk_test.go | ||
discord.go | ||
discord_test.go | ||
feishu.go | ||
feishu_test.go | ||
general.go | ||
general_test.go | ||
main_test.go | ||
matrix.go | ||
matrix_test.go | ||
msteams.go | ||
msteams_test.go | ||
notifier.go | ||
packagist.go | ||
packagist_test.go | ||
payloader.go | ||
slack.go | ||
slack_test.go | ||
telegram.go | ||
telegram_test.go | ||
webhook.go | ||
webhook_test.go | ||
wechatwork.go |