diff --git a/modules/hostmatcher/hostmatcher.go b/modules/hostmatcher/hostmatcher.go index 81c4202fcd9..a092e07f411 100644 --- a/modules/hostmatcher/hostmatcher.go +++ b/modules/hostmatcher/hostmatcher.go @@ -78,6 +78,11 @@ func (hl *HostMatchList) AppendBuiltin(builtin string) { hl.builtins = append(hl.builtins, builtin) } +// AppendPattern appends more pattern to match +func (hl *HostMatchList) AppendPattern(pattern string) { + hl.patterns = append(hl.patterns, pattern) +} + // IsEmpty checks if the checklist is empty func (hl *HostMatchList) IsEmpty() bool { return hl == nil || (len(hl.builtins) == 0 && len(hl.patterns) == 0 && len(hl.ipNets) == 0) diff --git a/services/migrations/migrate.go b/services/migrations/migrate.go index f2542173a0e..9460c66dbce 100644 --- a/services/migrations/migrate.go +++ b/services/migrations/migrate.go @@ -479,5 +479,10 @@ func Init() error { } // TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed. // if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false + + if setting.Proxy.Enabled && setting.Proxy.ProxyURLFixed != nil { + allowList.AppendPattern(setting.Proxy.ProxyURLFixed.Host) + } + return nil }