mirror of https://github.com/go-gitea/gitea.git
dab40cd5f4
Backport #27655 by @wolfogre When `webhook.PROXY_URL` has been set, the old code will check if the proxy host is in `ALLOWED_HOST_LIST` or reject requests through the proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`. However, it actually allows all requests to any port on the host, when the proxy host is probably an internal address. But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work when requests are sent to the allowed proxy, and the proxy could forward them to any hosts. This PR fixes it by: - If the proxy has been set, always allow connectioins to the host and port. - Check `ALLOWED_HOST_LIST` before forwarding. Co-authored-by: Jason Song <i@wolfogre.com> |
||
|---|---|---|
| .. | ||
| deliver.go | ||
| deliver_test.go | ||
| dingtalk.go | ||
| dingtalk_test.go | ||
| discord.go | ||
| discord_test.go | ||
| feishu.go | ||
| feishu_test.go | ||
| general.go | ||
| general_test.go | ||
| main_test.go | ||
| matrix.go | ||
| matrix_test.go | ||
| msteams.go | ||
| msteams_test.go | ||
| notifier.go | ||
| packagist.go | ||
| packagist_test.go | ||
| payloader.go | ||
| slack.go | ||
| slack_test.go | ||
| telegram.go | ||
| telegram_test.go | ||
| webhook.go | ||
| webhook_test.go | ||
| wechatwork.go | ||