1
0
Fork 0
forgejo/services/webhook
Giteabot dab40cd5f4
Support allowed hosts for webhook to work with proxy (#27655) (#27675)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:52 +02:00
..
deliver.go Support allowed hosts for webhook to work with proxy (#27655) (#27675) 2023-10-18 15:07:52 +02:00
deliver_test.go Support allowed hosts for webhook to work with proxy (#27655) (#27675) 2023-10-18 15:07:52 +02:00
dingtalk.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
dingtalk_test.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
discord.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
discord_test.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
feishu.go Modify the content format of the Feishu webhook (#25106) 2023-08-24 09:00:11 +08:00
feishu_test.go Modify the content format of the Feishu webhook (#25106) 2023-08-24 09:00:11 +08:00
general.go Modify the content format of the Feishu webhook (#25106) 2023-08-24 09:00:11 +08:00
general_test.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
main_test.go move repository deletion to service layer (#26948) 2023-09-08 04:51:15 +00:00
matrix.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
matrix_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
msteams.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
msteams_test.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
notifier.go Move notification interface to services layer (#26915) 2023-09-05 18:37:47 +00:00
packagist.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
packagist_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
payloader.go New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00
slack.go Fix release URL in webhooks (#27182) (#27185) 2023-09-21 23:22:14 +00:00
slack_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
telegram.go Add ThreadID parameter for Telegram webhooks (#25996) 2023-08-13 14:00:06 +00:00
telegram_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
webhook.go Warn instead of reporting an error when a webhook cannot be found (#26039) 2023-07-28 17:46:48 +00:00
webhook_test.go Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00
wechatwork.go Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00