013fb73068
Use hostmatcher to replace matchlist. We also introduce a better DialContext that does a full host/IP check; otherwise attackers can still bypass the allow/block list via a 302 redirection.
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package migrations
import (
"crypto/tls"
"net/http"
"code.gitea.io/gitea/modules/hostmatcher"
"code.gitea.io/gitea/modules/proxy"
"code.gitea.io/gitea/modules/setting"
)
// NewMigrationHTTPClient builds the *http.Client used for migration requests.
//
// Only Transport is set, taken from NewMigrationHTTPTransport. Timeout, Jar
// and CheckRedirect are left at their zero values, so net/http's default
// redirect policy applies. Destination filtering therefore rests on the
// transport's DialContext, which net/http calls for each new connection,
// including connections opened while following a redirect.
func NewMigrationHTTPClient() *http.Client {
	client := new(http.Client)
	client.Transport = NewMigrationHTTPTransport()
	return client
}
// NewMigrationHTTPTransport builds the *http.Transport used for migration
// requests.
//
// Three fields are set; every other field keeps its net/http zero value:
//   - TLSClientConfig: certificate verification is skipped when
//     setting.Migrations.SkipTLSVerify is true. With it enabled the remote
//     endpoint is not authenticated, so treat that setting as a deliberate,
//     reviewed exception.
//   - Proxy: taken from proxy.Proxy().
//   - DialContext: produced by hostmatcher.NewDialContext for "migration" with
//     allowList and blockList, which are declared outside this function.
//
// NOTE(review): when a proxy is selected, net/http dials the proxy rather than
// the final host, so the dial-time host/IP check presumably sees the proxy
// address; confirm how hostmatcher accounts for that.
func NewMigrationHTTPTransport() *http.Transport {
	tlsConf := &tls.Config{
		// Operator-controlled opt-out of certificate verification.
		InsecureSkipVerify: setting.Migrations.SkipTLSVerify,
	}
	proxyFn := proxy.Proxy()
	dial := hostmatcher.NewDialContext("migration", allowList, blockList)

	return &http.Transport{
		TLSClientConfig: tlsConf,
		Proxy:           proxyFn,
		DialContext:     dial,
	}
}