apunkt/imageproxy
1
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2026-05-03 00:32:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Switch to Hostname() for checking whether a host is allowed or not (#238)

Browse source 
Using .Host allows you to get around an allowHosts or denyHosts entry by adding a port
This commit is contained in:
Blake Stoddard 2020-06-21 00:44:01 -04:00 committed by GitHub
parent f91e9cb508
commit 0da684b81e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
imageproxy.go
View file

@ -319,14 +319,14 @@ func contentTypeMatches(patterns []string, contentType string) bool {
// hostMatches returns whether the host in u matches one of hosts.
func hostMatches(hosts []string, u *url.URL) bool {
for _, host := range hosts {
if u.Host == host {
if u.Hostname() == host {
return true
}
if strings.HasPrefix(host, "*.") && strings.HasSuffix(u.Host, host[2:]) {
if strings.HasPrefix(host, "*.") && strings.HasSuffix(u.Hostname(), host[2:]) {
return true
}
// Checks whether the host in u is an IP
if ip := net.ParseIP(u.Host); ip != nil {
if ip := net.ParseIP(u.Hostname()); ip != nil {
// Checks whether our current host is a CIDR
if _, ipnet, err := net.ParseCIDR(host); err == nil {
// Checks if our host contains the IP in u