Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-08 00:42:47 +01:00
Code Issues Activity
gitea/modules/httplib
History
Giteabot e2517e0fa9
Fix forwarded proto handling for public URL detection (#36810) (#36836) 
Backport #36810 by @lunny

- normalize `X-Forwarded-Proto`/related headers to accept only
`http`/`https`
- ignore malformed or injected scheme values to prevent spoofed
canonical URLs
- add tests covering malicious and multi-valued forwarded proto headers

---
Generated by a coding agent with Codex 5.2

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2026-03-06 19:02:50 +00:00
..
request.go
Fix missing Close when error occurs and abused connection pool (#35658) (#35670)
2025-10-15 09:56:53 +00:00
serve_test.go
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
serve.go
Fix external render, make iframe render work (#35727, #35730) (#35731)
2025-10-23 16:07:17 +08:00
url_test.go
Fix forwarded proto handling for public URL detection (#36810) (#36836)
2026-03-06 19:02:50 +00:00
url.go
Fix forwarded proto handling for public URL detection (#36810) (#36836)
2026-03-06 19:02:50 +00:00