From eed5f67da1afa8d4291a39714e7cd837d427155b Mon Sep 17 00:00:00 2001
From: Marius Vollmer
Date: Fri, 13 Sep 2024 14:10:28 +0300
Subject: [PATCH] ws: Conditionally block channel requests to remote hosts

When AllowMultiHost is false, cockpit-ws will reject all GET requests that would load from a non-localhost bridge.
---
 src/ws/cockpitchannelresponse.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/ws/cockpitchannelresponse.c b/src/ws/cockpitchannelresponse.c
index bf01dba30233..fe30e207d264 100644
--- a/src/ws/cockpitchannelresponse.c
+++ b/src/ws/cockpitchannelresponse.c
@@ -601,6 +601,7 @@ cockpit_channel_response_serve (CockpitWebService *service,
 gchar *channel = NULL;
 gpointer key;
 gpointer value;
+ gboolean allow_multihost;

 g_return_if_fail (COCKPIT_IS_WEB_SERVICE (service));
 g_return_if_fail (in_headers != NULL);
@@ -614,6 +615,14 @@ cockpit_channel_response_serve (CockpitWebService *service,
 goto out;
 }

+ allow_multihost = cockpit_conf_bool ("WebService", "AllowMultiHost", ALLOW_MULTIHOST_DEFAULT);
+ if (!allow_multihost && g_strcmp0 (host, "localhost") != 0)
+ {
+ cockpit_web_response_error (response, 403, NULL, NULL);
+ handled = TRUE;
+ goto out;
+ }
+
 if (quoted_etag)
 {
 cache_type = COCKPIT_WEB_RESPONSE_CACHE;
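Review bot: The new `AllowMultiHost` branch in the second hunk refuses the request with a bare `cockpit_web_response_error (response, 403, NULL, NULL)` and logs nothing, so an operator cannot tell a policy refusal from any other 403 and has no record of which host was asked for. A line before the error such as `g_info ("refusing channel request for host '%s': AllowMultiHost is disabled", host ? host : "(null)");` would make refused attempts visible in the journal. The whole decision is an exact, case-sensitive `g_strcmp0 (host, "localhost")`, and `host` is assigned outside this hunk, so the branch also deserves a comment saying where `host` comes from and that any value other than the literal `"localhost"` (including a NULL host) is treated as remote and denied. `cockpit_channel_response_serve` begins and ends outside the hunk, and `ALLOW_MULTIHOST_DEFAULT` is defined elsewhere, so the effective default cannot be judged from here.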