Merge pull request #43 from pterodactyl/impl/2194
Add the ability to define additional allowed origins
This commit is contained in:
commit
8af26ac864
|
@ -81,8 +81,14 @@ type Configuration struct {
|
|||
// to collect data and send events.
|
||||
PanelLocation string `json:"remote" yaml:"remote"`
|
||||
|
||||
// AllowedMounts .
|
||||
// AllowedMounts is a list of allowed host-system mount points.
|
||||
// This is required to have the "Server Mounts" feature work properly.
|
||||
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
|
||||
|
||||
// AllowedOrigins is a list of allowed request origins.
|
||||
// The Panel URL is automatically allowed, this is only needed for adding
|
||||
// additional origins.
|
||||
AllowedOrigins []string `json:"allowed_origins" yaml:"allowed_origins"`
|
||||
}
|
||||
|
||||
// Defines the configuration of the internal SFTP server.
|
||||
|
|
|
@ -11,8 +11,22 @@ import (
|
|||
|
||||
// Set the access request control headers on all of the requests.
|
||||
func SetAccessControlHeaders(c *gin.Context) {
|
||||
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
||||
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
||||
|
||||
o := c.GetHeader("Origin")
|
||||
if o != config.Get().PanelLocation {
|
||||
for _, origin := range config.Get().AllowedOrigins {
|
||||
if o != origin {
|
||||
continue
|
||||
}
|
||||
|
||||
c.Header("Access-Control-Allow-Origin", origin)
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
||||
c.Next()
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,20 @@ func GetHandler(s *server.Server, w http.ResponseWriter, r *http.Request) (*Hand
|
|||
// Ensure that the websocket request is originating from the Panel itself,
|
||||
// and not some other location.
|
||||
CheckOrigin: func(r *http.Request) bool {
|
||||
return r.Header.Get("Origin") == config.Get().PanelLocation
|
||||
o := r.Header.Get("Origin")
|
||||
if o == config.Get().PanelLocation {
|
||||
return true
|
||||
}
|
||||
|
||||
for _, origin := range config.Get().AllowedOrigins {
|
||||
if o != origin {
|
||||
continue
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -364,7 +364,7 @@ func (d *DockerEnvironment) Restart() error {
|
|||
}
|
||||
|
||||
// Check if the server is currently running the restart process by checking if there is a semaphore
|
||||
// allocated, and if so, if we can aquire a lock on it.
|
||||
// allocated, and if so, if we can acquire a lock on it.
|
||||
func (d *DockerEnvironment) IsRestarting() bool {
|
||||
if d.restartSem == nil {
|
||||
return false
|
||||
|
@ -469,7 +469,7 @@ func (d *DockerEnvironment) ExitState() (uint32, bool, error) {
|
|||
//
|
||||
// However, someone reported an error in Discord about this scenario happening,
|
||||
// so I guess this should prevent it? They didn't tell me how they caused it though
|
||||
// so thats a mystery that will have to go unsolved.
|
||||
// so that's a mystery that will have to go unsolved.
|
||||
//
|
||||
// @see https://github.com/pterodactyl/panel/issues/2003
|
||||
if client.IsErrNotFound(err) {
|
||||
|
@ -928,7 +928,7 @@ func (d *DockerEnvironment) portBindings() nat.PortMap {
|
|||
for ip, ports := range d.Server.Config().Allocations.Mappings {
|
||||
for _, port := range ports {
|
||||
// Skip over invalid ports.
|
||||
if port < 0 || port > 65535 {
|
||||
if port < 1 || port > 65535 {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ func (s *Server) UpdateDataStructure(data []byte, background bool) error {
|
|||
// Grab a copy of the configuration to work on.
|
||||
c := *s.Config()
|
||||
|
||||
// Lock our copy of the configuration since the defered unlock will end up acting upon this
|
||||
// new memory address rather than the old one. If we don't lock this, the defered unlock will
|
||||
// Lock our copy of the configuration since the deferred unlock will end up acting upon this
|
||||
// new memory address rather than the old one. If we don't lock this, the deferred unlock will
|
||||
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
|
||||
// is an error before that point we'll still properly unlock the original configuration for the
|
||||
// server.
|
||||
|
|
Loading…
Reference in New Issue
Block a user