mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-15 22:01:08 +00:00
013fb73068
Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
31 lines
966 B
Go
31 lines
966 B
Go
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package setting
|
|
|
|
var (
|
|
// Migrations settings
|
|
Migrations = struct {
|
|
MaxAttempts int
|
|
RetryBackoff int
|
|
AllowedDomains string
|
|
BlockedDomains string
|
|
AllowLocalNetworks bool
|
|
SkipTLSVerify bool
|
|
}{
|
|
MaxAttempts: 3,
|
|
RetryBackoff: 3,
|
|
}
|
|
)
|
|
|
|
func newMigrationsService() {
|
|
sec := Cfg.Section("migrations")
|
|
Migrations.MaxAttempts = sec.Key("MAX_ATTEMPTS").MustInt(Migrations.MaxAttempts)
|
|
Migrations.RetryBackoff = sec.Key("RETRY_BACKOFF").MustInt(Migrations.RetryBackoff)
|
|
|
|
Migrations.AllowedDomains = sec.Key("ALLOWED_DOMAINS").MustString("")
|
|
Migrations.BlockedDomains = sec.Key("BLOCKED_DOMAINS").MustString("")
|
|
Migrations.AllowLocalNetworks = sec.Key("ALLOW_LOCALNETWORKS").MustBool(false)
|
|
Migrations.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool(false)
|
|
}
|