Merge pull request #43 from pterodactyl/impl/2194
Add the ability to define additional allowed origins
commit
8af26ac864
|
@ -81,8 +81,14 @@ type Configuration struct {
|
||||||
// to collect data and send events.
|
// to collect data and send events.
|
||||||
PanelLocation string `json:"remote" yaml:"remote"`
|
PanelLocation string `json:"remote" yaml:"remote"`
|
||||||
|
|
||||||
// AllowedMounts .
|
// AllowedMounts is a list of allowed host-system mount points.
|
||||||
|
// This is required to have the "Server Mounts" feature work properly.
|
||||||
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
|
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
|
||||||
|
|
||||||
|
// AllowedOrigins is a list of allowed request origins.
|
||||||
|
// The Panel URL is automatically allowed, this is only needed for adding
|
||||||
|
// additional origins.
|
||||||
|
AllowedOrigins []string `json:"allowed_origins" yaml:"allowed_origins"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Defines the configuration of the internal SFTP server.
|
// Defines the configuration of the internal SFTP server.
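Review bot: The doc comment on `AllowedOrigins` does not say what form an entry must take, and both consumers visible in this commit compare each entry to the request's `Origin` header with plain string equality. I would extend the comment with something like `// Each entry must be a full origin (scheme://host[:port]) with no trailing slash or path; entries are matched exactly and wildcards such as "*" are not expanded.` Without that, an operator who lists a bare hostname or adds a trailing slash gets an entry that silently never matches. The Configuration struct starts above this hunk.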
|
||||||
|
|
|
@ -11,8 +11,22 @@ import (
|
||||||
|
|
||||||
// Set the access request control headers on all of the requests.
|
// Set the access request control headers on all of the requests.
|
||||||
func SetAccessControlHeaders(c *gin.Context) {
|
func SetAccessControlHeaders(c *gin.Context) {
|
||||||
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
|
||||||
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
||||||
|
|
||||||
|
o := c.GetHeader("Origin")
|
||||||
|
if o != config.Get().PanelLocation {
|
||||||
|
for _, origin := range config.Get().AllowedOrigins {
|
||||||
|
if o != origin {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Header("Access-Control-Allow-Origin", origin)
|
||||||
|
c.Next()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
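Review bot: `Access-Control-Allow-Origin` now depends on the request's `Origin` header, but the response carries no `Vary: Origin`, so a shared or browser cache can replay a response whose allowed origin belongs to a different requester. Adding `c.Header("Vary", "Origin")` next to the Allow-Headers line covers every branch. Separately, `config.Get()` is called up to three times per request; reading it once into a local (`cfg := config.Get()`) keeps the comparison and the header written from the same snapshot, and the loop body reads more directly as `if o == origin { ... }` than as a negated `continue`.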
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,20 @@ func GetHandler(s *server.Server, w http.ResponseWriter, r *http.Request) (*Hand
|
||||||
// Ensure that the websocket request is originating from the Panel itself,
|
// Ensure that the websocket request is originating from the Panel itself,
|
||||||
// and not some other location.
|
// and not some other location.
|
||||||
CheckOrigin: func(r *http.Request) bool {
|
CheckOrigin: func(r *http.Request) bool {
|
||||||
return r.Header.Get("Origin") == config.Get().PanelLocation
|
o := r.Header.Get("Origin")
|
||||||
|
if o == config.Get().PanelLocation {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, origin := range config.Get().AllowedOrigins {
|
||||||
|
if o != origin {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
},
|
},
|
||||||
}
|
}
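Review bot: A handshake that sends no `Origin` header leaves `o` as the empty string, so `CheckOrigin` accepts it whenever `PanelLocation` is unset or `allowed_origins` contains a blank entry. An early `if o == "" { return false }` at the top of the callback closes that off, assuming no legitimate client is expected to connect without an Origin header. The match loop is also a second copy of the one in `SetAccessControlHeaders`; a single helper that both call would keep the HTTP and websocket origin rules from drifting apart. `GetHandler` begins and continues outside this hunk.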
|
||||||
|
|
||||||
|
|
|
@ -364,7 +364,7 @@ func (d *DockerEnvironment) Restart() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the server is currently running the restart process by checking if there is a semaphore
|
// Check if the server is currently running the restart process by checking if there is a semaphore
|
||||||
// allocated, and if so, if we can aquire a lock on it.
|
// allocated, and if so, if we can acquire a lock on it.
|
||||||
func (d *DockerEnvironment) IsRestarting() bool {
|
func (d *DockerEnvironment) IsRestarting() bool {
|
||||||
if d.restartSem == nil {
|
if d.restartSem == nil {
|
||||||
return false
|
return false
|
||||||
|
@ -469,7 +469,7 @@ func (d *DockerEnvironment) ExitState() (uint32, bool, error) {
|
||||||
//
|
//
|
||||||
// However, someone reported an error in Discord about this scenario happening,
|
// However, someone reported an error in Discord about this scenario happening,
|
||||||
// so I guess this should prevent it? They didn't tell me how they caused it though
|
// so I guess this should prevent it? They didn't tell me how they caused it though
|
||||||
// so thats a mystery that will have to go unsolved.
|
// so that's a mystery that will have to go unsolved.
|
||||||
//
|
//
|
||||||
// @see https://github.com/pterodactyl/panel/issues/2003
|
// @see https://github.com/pterodactyl/panel/issues/2003
|
||||||
if client.IsErrNotFound(err) {
|
if client.IsErrNotFound(err) {
|
||||||
|
@ -928,7 +928,7 @@ func (d *DockerEnvironment) portBindings() nat.PortMap {
|
||||||
for ip, ports := range d.Server.Config().Allocations.Mappings {
|
for ip, ports := range d.Server.Config().Allocations.Mappings {
|
||||||
for _, port := range ports {
|
for _, port := range ports {
|
||||||
// Skip over invalid ports.
|
// Skip over invalid ports.
|
||||||
if port < 0 || port > 65535 {
|
if port < 1 || port > 65535 {
|
||||||
continue
|
continue
|
||||||
}
|
}
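Review bot: In `portBindings`, the comment `// Skip over invalid ports.` no longer tells the reader that port 0 is among them; `// Skip over ports outside the valid 1-65535 range.` would match the new condition. The skip is also silent in the visible lines, so an allocation dropped here leaves no trace for an operator; a log line at that `continue` would help, if the rest of the function does not already report it. The function starts and continues outside this hunk.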
|
||||||
|
|
||||||
|
|
|
@ -30,8 +30,8 @@ func (s *Server) UpdateDataStructure(data []byte, background bool) error {
|
||||||
// Grab a copy of the configuration to work on.
|
// Grab a copy of the configuration to work on.
|
||||||
c := *s.Config()
|
c := *s.Config()
|
||||||
|
|
||||||
// Lock our copy of the configuration since the defered unlock will end up acting upon this
|
// Lock our copy of the configuration since the deferred unlock will end up acting upon this
|
||||||
// new memory address rather than the old one. If we don't lock this, the defered unlock will
|
// new memory address rather than the old one. If we don't lock this, the deferred unlock will
|
||||||
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
|
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
|
||||||
// is an error before that point we'll still properly unlock the original configuration for the
|
// is an error before that point we'll still properly unlock the original configuration for the
|
||||||
// server.
|
// server.
|
||||||
|
|