githaven-fork/modules/hostmatcher
Jason Song 4e98224a45
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
2023-10-18 09:44:36 +00:00
..
hostmatcher_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
hostmatcher.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
http.go Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00