mirror of https://github.com/portainer/portainer.git synced 2025-07-22 06:49:40 +02:00

feat(csrf): add trusted origins cli flags [BE-11972] (#856)

Co-authored-by: oscarzhou <oscar.zhou@portainer.io>
Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
Co-authored-by: Malcolm Lockyer <segfault88@users.noreply.github.com>
andres-portainer 2025-07-02 21:00:39 -03:00 committed by GitHub
parent d0e74d6ef4
commit d7794a06b3
9 changed files with 359 additions and 9 deletions


@ -80,3 +80,32 @@ func IsDNSName(s string) bool {
return !IsIP(s) && dnsNameRegex.MatchString(s)
}
func IsTrustedOrigin(s string) bool {
// Reject if a scheme is present
if strings.Contains(s, "://") {
return false
}
// Prepend http:// for parsing
strTemp := "http://" + s
parsedOrigin, err := url.Parse(strTemp)
if err != nil {
return false
}
// Validate host, and ensure no user, path, query, fragment, port, etc.
if parsedOrigin.Host == "" ||
parsedOrigin.User != nil ||
parsedOrigin.Path != "" ||
parsedOrigin.RawQuery != "" ||
parsedOrigin.Fragment != "" ||
parsedOrigin.Opaque != "" ||
parsedOrigin.RawFragment != "" ||
parsedOrigin.RawPath != "" ||
parsedOrigin.Port() != "" {
return false
}
return true
}
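Review bot: The combined condition starting at `parsedOrigin.Host == "" ||` only checks that the parsed URL components are empty, so inputs that are not a bare host still pass: for constructed examples such as `example.com?`, `example.com#` and `example.com:`, `url.Parse` leaves `RawQuery`, `Fragment` and `Port()` empty and the function returns true. If the accepted string is later compared verbatim against a request's Origin/Referer host (that code is not in this hunk), such an entry would never match and the misconfiguration would go unnoticed at flag-parsing time. Adding `parsedOrigin.Host != s ||` and `strings.HasSuffix(s, ":") ||` to the condition closes these three cases. The host characters themselves are also unchecked (a value like `a,b` or `*.example.com` parses with a non-empty Host), so it may be worth reusing `IsDNSName`/`IsIP` from this file if the forms they accept fit the flag's intent. As an exported function it should also get a doc comment, e.g. `// IsTrustedOrigin reports whether s is a bare host with no scheme, userinfo, port, path, query or fragment.`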