tsweb: avoid http-to-https redirect for localhost

If the client is connecting over loopback, then avoid the
http-to-https redirect, since this is a connection within the kernel
rather than over an untrusted network, and also because
https://localhost is unlikely to work, as there isn't a CA
that issues certs for localhost.

Updates tailscale/corp#11038

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
Joe Tsai 2024-10-14 21:27:15 -07:00
parent c763b7a7db
commit 6a1fd74695


@ -146,8 +146,10 @@ type Port80Handler struct {
} }
func (h Port80Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h Port80Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
ipStr, _, _ := net.SplitHostPort(r.RemoteAddr)
ip, _ := netip.ParseAddr(ipStr)
path := r.RequestURI path := r.RequestURI
if path == "/debug" || strings.HasPrefix(path, "/debug") { if ip.IsLoopback() || path == "/debug" || strings.HasPrefix(path, "/debug") {
h.Main.ServeHTTP(w, r) h.Main.ServeHTTP(w, r)
return return
} }
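Review bot: The new `ip.IsLoopback()` test on the `if` line trusts `r.RemoteAddr`, which is only the immediate TCP peer, so if anything on the same host forwards traffic to this listener (a reverse proxy, a port forwarder, a sidecar), every remote client appears as loopback and is served `h.Main` over plain HTTP with no redirect, on all paths rather than only `/debug`. That deployment assumption is not visible in the hunk and deserves a comment above the check, for example `// Loopback peers skip the redirect; this assumes no local proxy forwards remote traffic to this listener.` The discarded errors from `net.SplitHostPort` and `netip.ParseAddr` leave `ip` as the zero `netip.Addr`, for which `IsLoopback()` reports false, so a malformed `RemoteAddr` falls through to the redirect. That fail-closed behaviour is worth stating in the same comment so a later cleanup of the ignored errors does not turn it into a bypass. ServeHTTP's body continues outside the hunk.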