fix: always override default proxies
Gin trusts all proxies by default. This is a security problem.
This commit is contained in:
Jannis Mattheis
parent
c68b2b5a72
commit
949e5df17e
|
|
@ -27,10 +27,8 @@ import (
|
||||||
func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) {
|
func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) {
|
||||||
g := gin.New()
|
g := gin.New()
|
||||||
|
|
||||||
if conf.Server.TrustedProxies != nil {
|
|
||||||
g.SetTrustedProxies(conf.Server.TrustedProxies)
|
g.SetTrustedProxies(conf.Server.TrustedProxies)
|
||||||
g.ForwardedByClientIP = true
|
g.ForwardedByClientIP = true
|
||||||
}
|
|
||||||
|
|
||||||
g.Use(func(ctx *gin.Context) {
|
g.Use(func(ctx *gin.Context) {
|
||||||
// Map sockets "@" to 127.0.0.1, because gin-gonic can only trust IPs.
|
// Map sockets "@" to 127.0.0.1, because gin-gonic can only trust IPs.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue