security: don't reveal wings version in remote API calls
This commit is contained in:
Dane Everitt
parent
6e5b14c466
commit
510d46289b
|
|
@ -4,10 +4,8 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"emperror.dev/errors"
|
"emperror.dev/errors"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/pterodactyl/wings/server"
|
"github.com/pterodactyl/wings/server"
|
||||||
"github.com/pterodactyl/wings/system"
|
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
@ -111,8 +109,8 @@ func (dl *Download) Execute() error {
|
||||||
defer dl.Cancel()
|
defer dl.Cancel()
|
||||||
|
|
||||||
req, _ := http.NewRequestWithContext(ctx, http.MethodGet, dl.req.URL.String(), nil)
|
req, _ := http.NewRequestWithContext(ctx, http.MethodGet, dl.req.URL.String(), nil)
|
||||||
req.Header.Set("User-Agent", fmt.Sprintf("Pterodactyl Panel (Wings v%s) (https://pterodactyl.io)", system.Version))
|
req.Header.Set("User-Agent", "Pterodactyl Panel (https://pterodactyl.io)")
|
||||||
res, err := client.Do(req)
|
res, err := client.Do(req) // lgtm[go/request-forgery]
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.New("downloader: failed opening request to download file")
|
return errors.New("downloader: failed opening request to download file")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -213,7 +213,7 @@ func (str serverTransferRequest) downloadArchive() (*http.Response, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
req.Header.Set("Authorization", str.Token)
|
req.Header.Set("Authorization", str.Token)
|
||||||
res, err := client.Do(req)
|
res, err := client.Do(req) // lgtm[go/request-forgery]
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user