0
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-12 18:52:15 +01:00
gitea/services/webhook
Jason Song 4e98224a45
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
2023-10-18 09:44:36 +00:00
..
deliver_test.go Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
deliver.go Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
dingtalk_test.go
dingtalk.go
discord_test.go
discord.go
feishu_test.go
feishu.go
general_test.go
general.go
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
matrix_test.go
matrix.go
msteams_test.go
msteams.go
notifier.go
packagist_test.go
packagist.go
payloader.go
slack_test.go
slack.go
telegram_test.go
telegram.go
webhook_test.go
webhook.go
wechatwork.go