mirror of https://github.com/go-gitea/gitea.git synced 2026-03-17 11:35:22 +01:00
gitea/modules/httplib
Giteabot e2517e0fa9
Fix forwarded proto handling for public URL detection (#36810) (#36836)
Backport #36810 by @lunny

- normalize `X-Forwarded-Proto`/related headers to accept only
`http`/`https`
- ignore malformed or injected scheme values to prevent spoofed
canonical URLs
- add tests covering malicious and multi-valued forwarded proto headers

---
Generated by a coding agent with Codex 5.2

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2026-03-06 19:02:50 +00:00
request.go Fix missing Close when error occurs and abused connection pool (#35658) (#35670) 2025-10-15 09:56:53 +00:00
serve_test.go Enable additional linters (#34085) 2025-04-01 10:14:01 +00:00
serve.go Fix external render, make iframe render work (#35727, #35730) (#35731) 2025-10-23 16:07:17 +08:00
url_test.go Fix forwarded proto handling for public URL detection (#36810) (#36836) 2026-03-06 19:02:50 +00:00
url.go Fix forwarded proto handling for public URL detection (#36810) (#36836) 2026-03-06 19:02:50 +00:00