Add the ability to define additional allowed origins
This commit is contained in:
parent
373dbd355e
commit
b811d2474e
|
@ -83,6 +83,9 @@ type Configuration struct {
|
||||||
|
|
||||||
// AllowedMounts .
|
// AllowedMounts .
|
||||||
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
|
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
|
||||||
|
|
||||||
|
// AllowedOrigins .
|
||||||
|
AllowedOrigins []string `json:"allowed_origins" yaml:"allowed_origins"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Defines the configuration of the internal SFTP server.
|
// Defines the configuration of the internal SFTP server.
|
||||||
|
|
|
@ -11,8 +11,22 @@ import (
|
||||||
|
|
||||||
// Set the access request control headers on all of the requests.
|
// Set the access request control headers on all of the requests.
|
||||||
func SetAccessControlHeaders(c *gin.Context) {
|
func SetAccessControlHeaders(c *gin.Context) {
|
||||||
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
|
||||||
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
||||||
|
|
||||||
|
o := c.GetHeader("Origin")
|
||||||
|
if o != config.Get().PanelLocation {
|
||||||
|
for _, origin := range config.Get().AllowedOrigins {
|
||||||
|
if o != origin {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Header("Access-Control-Allow-Origin", origin)
|
||||||
|
c.Next()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,20 @@ func GetHandler(s *server.Server, w http.ResponseWriter, r *http.Request) (*Hand
|
||||||
// Ensure that the websocket request is originating from the Panel itself,
|
// Ensure that the websocket request is originating from the Panel itself,
|
||||||
// and not some other location.
|
// and not some other location.
|
||||||
CheckOrigin: func(r *http.Request) bool {
|
CheckOrigin: func(r *http.Request) bool {
|
||||||
return r.Header.Get("Origin") == config.Get().PanelLocation
|
o := r.Header.Get("Origin")
|
||||||
|
if o == config.Get().PanelLocation {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, origin := range config.Get().AllowedOrigins {
|
||||||
|
if o != origin {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -364,7 +364,7 @@ func (d *DockerEnvironment) Restart() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the server is currently running the restart process by checking if there is a semaphore
|
// Check if the server is currently running the restart process by checking if there is a semaphore
|
||||||
// allocated, and if so, if we can aquire a lock on it.
|
// allocated, and if so, if we can acquire a lock on it.
|
||||||
func (d *DockerEnvironment) IsRestarting() bool {
|
func (d *DockerEnvironment) IsRestarting() bool {
|
||||||
if d.restartSem == nil {
|
if d.restartSem == nil {
|
||||||
return false
|
return false
|
||||||
|
@ -469,7 +469,7 @@ func (d *DockerEnvironment) ExitState() (uint32, bool, error) {
|
||||||
//
|
//
|
||||||
// However, someone reported an error in Discord about this scenario happening,
|
// However, someone reported an error in Discord about this scenario happening,
|
||||||
// so I guess this should prevent it? They didn't tell me how they caused it though
|
// so I guess this should prevent it? They didn't tell me how they caused it though
|
||||||
// so thats a mystery that will have to go unsolved.
|
// so that's a mystery that will have to go unsolved.
|
||||||
//
|
//
|
||||||
// @see https://github.com/pterodactyl/panel/issues/2003
|
// @see https://github.com/pterodactyl/panel/issues/2003
|
||||||
if client.IsErrNotFound(err) {
|
if client.IsErrNotFound(err) {
|
||||||
|
@ -928,7 +928,7 @@ func (d *DockerEnvironment) portBindings() nat.PortMap {
|
||||||
for ip, ports := range d.Server.Config().Allocations.Mappings {
|
for ip, ports := range d.Server.Config().Allocations.Mappings {
|
||||||
for _, port := range ports {
|
for _, port := range ports {
|
||||||
// Skip over invalid ports.
|
// Skip over invalid ports.
|
||||||
if port < 0 || port > 65535 {
|
if port < 1 || port > 65535 {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -30,8 +30,8 @@ func (s *Server) UpdateDataStructure(data []byte, background bool) error {
|
||||||
// Grab a copy of the configuration to work on.
|
// Grab a copy of the configuration to work on.
|
||||||
c := *s.Config()
|
c := *s.Config()
|
||||||
|
|
||||||
// Lock our copy of the configuration since the defered unlock will end up acting upon this
|
// Lock our copy of the configuration since the deferred unlock will end up acting upon this
|
||||||
// new memory address rather than the old one. If we don't lock this, the defered unlock will
|
// new memory address rather than the old one. If we don't lock this, the deferred unlock will
|
||||||
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
|
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
|
||||||
// is an error before that point we'll still properly unlock the original configuration for the
|
// is an error before that point we'll still properly unlock the original configuration for the
|
||||||
// server.
|
// server.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user