6 Commits

Author	SHA1	Message	Date
wxiaoguang	b86606fa38	Support hostname:port to pass host matcher's check (#19543) (#19544) ... Backport #19543 hostmatcher: split the hostname from the hostname:port string, use the correct hostname to do the match.	2022-04-29 01:41:58 +08:00
Lunny Xiao	0704009dd7	Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319) ... * Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile * Apply suggestions from code review Co-authored-by: John Olheiser <john.olheiser@gmail.com> * 1.16 * Update modules/util/net.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * correct bool conditional yay tests for catching this :) * Update hostmatcher.go Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Gusted <williamzijl7@hotmail.com>	2022-04-05 13:32:24 -04:00
techknowlogick	f9ea4ab69a	Bump to build with go1.18 (#19120 et al) (#19127) ... Backport #19120 Backport #19099 Backport #18874 Backport #18420 Backport #19128 Backport #18270 Bump to build with go1.18 Co-authored-by: techknowlogick <techknowlogick@gitea.io> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Jelle Hulter <jellehulter@gmail.com>	2022-03-19 18:46:47 +01:00
Gusted	ff2fd08228	Simplify parameter types (#18006) ... Remove repeated type declarations in function definitions.	2021-12-20 04:41:31 +00:00
wxiaoguang	013fb73068	Use hostmatcher to replace matchlist, improve security (#17605) ... Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.	2021-11-20 17:34:05 +08:00
wxiaoguang	599ff1c054	Only allow webhook to send requests to allowed hosts (#17482)	2021-11-01 16:39:52 +08:00