finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Only allow webhook to send requests to allowed hosts (#17482)

Browse source
This commit is contained in:
wxiaoguang 2021-11-01 16:39:52 +08:00 committed by GitHub
parent 4e8a81780e
commit 599ff1c054
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 284 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

6
custom/conf/app.example.ini
View file

@ -1396,6 +1396,12 @@ PATH =
;; Deliver timeout in seconds
;DELIVER_TIMEOUT = 5
;;
;; Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com
;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
;; CIDR list: 1.2.3.0/8, 2001:db8::/32
;; Wildcard hosts: *.mydomain.com, 192.168.100.*
;ALLOWED_HOST_LIST = external
;;
;; Allow insecure certification
;SKIP_TLS_VERIFY = false
;;