security: don't reveal wings version in remote API calls
This commit is contained in:
parent
6e5b14c466
commit
510d46289b
|
@ -4,10 +4,8 @@ import (
|
|||
"context"
|
||||
"emperror.dev/errors"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/google/uuid"
|
||||
"github.com/pterodactyl/wings/server"
|
||||
"github.com/pterodactyl/wings/system"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
@ -111,8 +109,8 @@ func (dl *Download) Execute() error {
|
|||
defer dl.Cancel()
|
||||
|
||||
req, _ := http.NewRequestWithContext(ctx, http.MethodGet, dl.req.URL.String(), nil)
|
||||
req.Header.Set("User-Agent", fmt.Sprintf("Pterodactyl Panel (Wings v%s) (https://pterodactyl.io)", system.Version))
|
||||
res, err := client.Do(req)
|
||||
req.Header.Set("User-Agent", "Pterodactyl Panel (https://pterodactyl.io)")
|
||||
res, err := client.Do(req) // lgtm[go/request-forgery]
|
||||
if err != nil {
|
||||
return errors.New("downloader: failed opening request to download file")
|
||||
}
|
||||
|
|
|
@ -213,7 +213,7 @@ func (str serverTransferRequest) downloadArchive() (*http.Response, error) {
|
|||
return nil, err
|
||||
}
|
||||
req.Header.Set("Authorization", str.Token)
|
||||
res, err := client.Do(req)
|
||||
res, err := client.Do(req) // lgtm[go/request-forgery]
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user