Use url.Parse to validate X-Forwarded-Prefix value

Kevin Pollet
2026-02-10 14:48:06 +01:00
committed by GitHub
parent d337748873
commit 4b3c971ea3
+4 -1
@@ -4,6 +4,7 @@ import (
"fmt"
"io/fs"
"net/http"
"net/url"
"strings"
"text/template"
@@ -80,7 +81,9 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error {
Path(basePath).
HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
xfPrefix := req.Header.Get("X-Forwarded-Prefix")
if strings.Contains(xfPrefix, "//") {
// Validates that the X-Forwarded-Prefix value contains a relative URL.
if u, err := url.Parse(xfPrefix); err != nil || u.Host != "" || u.Scheme != "" {
log.Error().Msgf("X-Forwarded-Prefix contains an invalid value: %s, defaulting to empty prefix", xfPrefix)
xfPrefix = ""
}
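Review bot: The new condition on the `url.Parse` line rejects only values that parse with a scheme or host, so it appears to accept some inputs the removed `strings.Contains(xfPrefix, "//")` check refused. A prefix with a doubled slash that Go parses as a plain path, or one containing a backslash, which some clients normalise to a slash, can still reach whatever consumes `xfPrefix` further down the handler, outside this hunk. I would keep the old test as an extra clause and require a rooted path: `if u, err := url.Parse(xfPrefix); err != nil || u.Host != "" || u.Scheme != "" || strings.ContainsAny(xfPrefix, "\\") || strings.Contains(xfPrefix, "//") || (xfPrefix != "" && !strings.HasPrefix(xfPrefix, "/")) {`. The error log also prints the raw header with `%s`; `%q` keeps control characters in an attacker-supplied value from being written to the log verbatim. A table test for this handler that covers empty, rooted, doubled-slash, backslash and absolute-URL values would pin down the intended contract.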