0
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-01 05:41:58 +01:00
gitea/services/webhook
Jason Song 4e98224a45
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
2023-10-18 09:44:36 +00:00
..
deliver_test.go Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
deliver.go Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
dingtalk_test.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
dingtalk.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
discord_test.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
discord.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
feishu_test.go
feishu.go
general_test.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
general.go
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
matrix_test.go
matrix.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
msteams_test.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
msteams.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
notifier.go
packagist_test.go
packagist.go
payloader.go New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00
slack_test.go
slack.go Fix release URL in webhooks (#27182) 2023-09-21 17:55:09 -05:00
telegram_test.go
telegram.go
webhook_test.go
webhook.go
wechatwork.go