9 Commits (43c136200a181858cf36a0a876cb6609aa804120)

Author	SHA1	Message	Date
flynnnnnnnnnn	e81ccc406b	Implement FSFE REUSE for golang files (#21840) ... Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2 years ago
delvh	0ebb45cfe7	Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) ... Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2 years ago
Lunny Xiao	a4e91c4197	Add proxy host into allow list (#20798) ... Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2 years ago
wxiaoguang	f67a1030b3	Add tests for the host checking logic, clarify the behaviors (#20328) ... Before, the combination of AllowedDomains/BlockedDomains/AllowLocalNetworks is confusing. This PR adds tests for the logic, clarify the behaviors.	2 years ago
wxiaoguang	a51efb4c2c	Support `hostname:port` to pass host matcher's check #19543 (#19543) ... hostmatcher: split the hostname from the `hostname:port` string, use the correct hostname to do the match.	3 years ago
6543	60fbaa9068	remove not needed (#19128)	3 years ago
Gusted	ff2fd08228	Simplify parameter types (#18006) ... Remove repeated type declarations in function definitions.	3 years ago
wxiaoguang	013fb73068	Use `hostmatcher` to replace `matchlist`, improve security (#17605) ... Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.	3 years ago
wxiaoguang	599ff1c054	Only allow webhook to send requests to allowed hosts (#17482)	3 years ago