gitea/modules
wxiaoguang 20ae184967
Only allow webhook to send requests to allowed hosts (#17482) (#17510)
Backport #17482

* Only allow webhook to send requests to allowed hosts (backport #17482)

* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x
2021-11-06 09:23:43 +00:00
..
analyze Speed up enry.IsVendor (#15213) 2021-04-01 19:41:09 +02:00
auth Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570) 2021-07-29 18:52:38 +01:00
avatar Add Image Diff for SVG files (#14867) 2021-06-05 15:32:19 +03:00
base Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
cache Add LRU mem cache implementation (#16226) 2021-07-10 23:54:15 +02:00
charset Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
context Ensure that restricted users can access repos for which they are members (#17460) (#17464) 2021-10-28 11:33:18 +08:00
convert Fix zero created time bug on commit api (#17547) 2021-11-05 14:15:44 +08:00
cron Fix archive error when rename repo or user (#16399) 2021-07-13 14:16:31 +02:00
csv Fix CSV render error (#17406) (#17431) 2021-10-25 18:31:15 +01:00
doctor Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Hold the event source when there are no listeners (#15725) 2021-05-15 23:46:13 +02:00
generate Switch to maintained jwt lib (#16532) (#16533) 2021-07-24 11:13:50 -04:00
git Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
gitgraph Fix bug on commit graph (#15517) 2021-04-17 10:27:25 +01:00
graceful Use pointer for wrappedConn methods (#17295) (#17296) 2021-10-12 23:45:30 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141) 2021-09-24 14:29:47 +01:00
hostmatcher Only allow webhook to send requests to allowed hosts (#17482) (#17510) 2021-11-06 09:23:43 +00:00
httpcache Add ETag header (#15370) 2021-04-12 10:49:26 -04:00
httplib Second attempt at preventing zombies (#16326) 2021-07-14 10:43:13 -04:00
indexer Fix data race in bleve indexer (#16474) (#16509) 2021-07-22 11:42:32 +08:00
lfs Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
log Fix race in log (#16490) (#16505) 2021-07-21 20:19:36 +08:00
markup Fix issue markdown bugs (#17413) 2021-10-23 23:30:46 +08:00
matchlist Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
metrics
migrations Only allow webhook to send requests to allowed hosts (#17482) (#17510) 2021-11-06 09:23:43 +00:00
nosql Fix setting redis db path (#15698) 2021-05-03 13:24:24 -04:00
notification API pull's head/base have correct permission(#17214) (#17245) 2021-10-07 12:39:23 +03:00
options Add StatDir and replace com.StatDir (#14099) 2020-12-22 07:40:57 +08:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof
private Fix dump and restore respository (#16698) (#16898) 2021-08-31 10:44:14 +01:00
process Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
public Improve assets handler middleware (#15961) 2021-05-30 18:25:11 +08:00
queue Fix race in log (#16490) (#16505) 2021-07-21 20:19:36 +08:00
recaptcha Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
references Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repofiles Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
repository Ensure that git daemon export ok is created for mirrors (#17243) (#17306) 2021-10-14 18:07:53 +02:00
secret Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
session Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
setting Only allow webhook to send requests to allowed hosts (#17482) (#17510) 2021-11-06 09:23:43 +00:00
ssh Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376) 2021-10-21 16:37:49 +08:00
storage Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977) 2021-09-07 19:39:05 +01:00
structs Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
svg Fix filepath basename on Windows for SVG bindata (#12241) 2020-07-13 21:16:40 +01:00
sync
task Fix bug of migrated repository not index (#16991) (#16996) 2021-09-09 07:02:22 +01:00
templates fix email with + when active (#17518) (#17520) 2021-11-03 00:52:38 +02:00
test Move middlewares to web/middleware (#14480) 2021-01-30 10:55:53 +02:00
timeutil Allow mocking timeutil (#17354) (#17356) 2021-10-18 16:48:23 -05:00
translation Use index of the supported tags to choose user lang (#15452) 2021-04-14 19:52:01 +01:00
typesniffer Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
upload Update golangci-lint to version 1.31.0 (#13102) 2020-10-11 21:27:20 +01:00
uri Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244) 2020-12-27 11:34:19 +08:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Only allow webhook to send requests to allowed hosts (#17482) (#17510) 2021-11-06 09:23:43 +00:00
validation Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
web Restore CORS on git smart http protocol (#16496) (#16506) 2021-07-21 15:03:02 +01:00