mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-28 12:46:09 +01:00
forgejo/services/webhook
Giteabot d6798ae015
Support allowed hosts for webhook to work with proxy (#27655) (#27674)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connections to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit ca4418eff1)
2023-11-14 13:17:11 +01:00
..
deliver.go Support allowed hosts for webhook to work with proxy (#27655) (#27674) 2023-11-14 13:17:11 +01:00
deliver_test.go Support allowed hosts for webhook to work with proxy (#27655) (#27674) 2023-11-14 13:17:11 +01:00
dingtalk.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
dingtalk_test.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
discord.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
discord_test.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
feishu.go Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
feishu_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
general.go Add branch_filter to hooks API endpoints (#26599) (#26632) 2023-09-08 08:07:19 +02:00
general_test.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
main_test.go Merge setting.InitXXX into one function with options (#24389) 2023-05-04 11:55:35 +08:00
matrix.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
matrix_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
msteams.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
msteams_test.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
notifier.go For API attachments, use API URL (#25639) (#25814) 2023-07-10 12:56:16 +00:00
packagist.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
packagist_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
payloader.go New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00
slack.go Fix release URL in webhooks (#27182) (#27184) 2023-10-03 14:48:18 +02:00
slack_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
telegram.go Add ThreadID parameter for Telegram webhooks (#25996) (#26480) 2023-08-21 07:22:19 +02:00
telegram_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
webhook.go [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00
webhook_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
wechatwork.go Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00