add trusted-origins cli argument (#6319)

This commit is contained in:
Alex Thillen 2023-07-20 00:04:03 +02:00 committed by GitHub
parent 7926647058
commit 93e60f7b0e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions

View File

@ -79,6 +79,7 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs {
"bind-addr"?: string
socket?: string
"socket-mode"?: string
"trusted-origins"?: string[]
version?: boolean
"proxy-domain"?: string[]
"reuse-window"?: boolean
@ -208,6 +209,11 @@ export const options: Options<Required<UserProvidedArgs>> = {
socket: { type: "string", path: true, description: "Path to a socket (bind-addr will be ignored)." },
"socket-mode": { type: "string", description: "File mode of the socket." },
"trusted-origins": {
type: "string[]",
description:
"Disables authenticate origin check for trusted origin. Useful if not able to access reverse proxy configuration.",
},
version: { type: "boolean", short: "v", description: "Display version information." },
_: { type: "string[]" },

View File

@ -355,6 +355,11 @@ export function authenticateOrigin(req: express.Request): void {
throw new Error(`unable to parse malformed origin "${originRaw}"`)
}
const trustedOrigins = req.args["trusted-origins"] || []
if (trustedOrigins.includes(origin) || trustedOrigins.includes("*")) {
return
}
const host = getHost(req)
if (typeof host === "undefined") {
// A missing host likely means the reverse proxy has not been configured to

View File

@ -70,6 +70,7 @@ describe("http", () => {
origin: test.origin,
[key]: value,
},
args: {},
})
if (typeof test.expected === "string") {
expect(() => http.authenticateOrigin(req)).toThrow(test.expected)