mirrors/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-14 07:34:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: stop trusting all proxies by default in docker app.ini templates

Browse Source 
The Docker app.ini templates hard-coded REVERSE_PROXY_TRUSTED_PROXIES = *,
so with ENABLE_REVERSE_PROXY_AUTHENTICATION enabled any source IP reaching
the container could impersonate any user via the X-WEBAUTH-USER header.
Align the templates with the documented loopback-only default
(127.0.0.0/8,::1/128), matching app.example.ini and the in-code default.

Assisted-by: Claude:claude-opus-4-8
This commit is contained in:
Nicolas
2026-06-13 17:37:45 +02:00
parent c20df84548
commit e99e24cb04
2 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker/root/etc/templates/app.ini
View File

@@ -51,8 +51,6 @@ ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = $INSTALL_LOCK
SECRET_KEY = $SECRET_KEY
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
[service]
DISABLE_REGISTRATION = $DISABLE_REGISTRATION

2
docker/rootless/etc/templates/app.ini
View File

@@ -48,8 +48,6 @@ ROOT_PATH = $GITEA_WORK_DIR/data/log
[security]
INSTALL_LOCK = $INSTALL_LOCK
SECRET_KEY = $SECRET_KEY
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
[service]
DISABLE_REGISTRATION = $DISABLE_REGISTRATION