mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-25 03:22:36 +00:00 
			
		
		
		
	Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
		
			
				
	
	
		
			31 lines
		
	
	
	
		
			966 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			31 lines
		
	
	
	
		
			966 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // Use of this source code is governed by a MIT-style
 | |
| // license that can be found in the LICENSE file.
 | |
| 
 | |
| package setting
 | |
| 
 | |
| var (
 | |
| 	// Migrations settings
 | |
| 	Migrations = struct {
 | |
| 		MaxAttempts        int
 | |
| 		RetryBackoff       int
 | |
| 		AllowedDomains     string
 | |
| 		BlockedDomains     string
 | |
| 		AllowLocalNetworks bool
 | |
| 		SkipTLSVerify      bool
 | |
| 	}{
 | |
| 		MaxAttempts:  3,
 | |
| 		RetryBackoff: 3,
 | |
| 	}
 | |
| )
 | |
| 
 | |
| func newMigrationsService() {
 | |
| 	sec := Cfg.Section("migrations")
 | |
| 	Migrations.MaxAttempts = sec.Key("MAX_ATTEMPTS").MustInt(Migrations.MaxAttempts)
 | |
| 	Migrations.RetryBackoff = sec.Key("RETRY_BACKOFF").MustInt(Migrations.RetryBackoff)
 | |
| 
 | |
| 	Migrations.AllowedDomains = sec.Key("ALLOWED_DOMAINS").MustString("")
 | |
| 	Migrations.BlockedDomains = sec.Key("BLOCKED_DOMAINS").MustString("")
 | |
| 	Migrations.AllowLocalNetworks = sec.Key("ALLOW_LOCALNETWORKS").MustBool(false)
 | |
| 	Migrations.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool(false)
 | |
| }
 |