oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00
Code Wiki Activity

Fix inaccessible metrics endpoint when listening on Unix socket

Browse source
This commit is contained in:
Ole Bertram 2023-12-06 19:48:05 +01:00 committed by Frédéric Guillot
parent 95039410b5
commit 698bea4ec8
3 changed files with 14 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/http/server/httpd.go
View file

@ -268,6 +268,12 @@ func isAllowedToAccessMetricsEndpoint(r *http.Request) bool {
}
}
remoteIP := request.FindRemoteIP(r)
if remoteIP == "@" {
// This indicates a request sent via a Unix socket, always consider these trusted.
return true
}
for _, cidr := range config.Opts.MetricsAllowedNetworks() {
_, network, err := net.ParseCIDR(cidr)
if err != nil {
@ -283,7 +289,7 @@ func isAllowedToAccessMetricsEndpoint(r *http.Request) bool {
// We use r.RemoteAddr in this case because HTTP headers like X-Forwarded-For can be easily spoofed.
// The recommendation is to use HTTP Basic authentication.
if network.Contains(net.ParseIP(request.FindRemoteIP(r))) {
if network.Contains(net.ParseIP(remoteIP)) {
return true
}
}