TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-12 05:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: also accept service IP IPv6 literal in brackets for quad100

Browse Source 
The fix in 4fc8538e2 was sufficient for IPv6. Browsers (can?) send the
IPv6 literal, even without a port number, in brackets.

Updates tailscale/corp#7948

Change-Id: I0e429d3de4df8429152c12f251ab140b0c8f6b77
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2022-11-16 11:38:25 -08:00
committed by Brad Fitzpatrick
parent 296e712591
commit e9c851b04b
3 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ipn/ipnlocal/local.go
View File

@@ -3925,6 +3925,17 @@ func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) {
s.Serve(netutil.NewOneConnListener(c, nil))
}
func validQuad100Host(h string) bool {
switch h {
case "",
tsaddr.TailscaleServiceIPString,
tsaddr.TailscaleServiceIPv6String,
"[" + tsaddr.TailscaleServiceIPv6String + "]":
return true
}
return false
}
func (b *LocalBackend) handleQuad100Port80Conn(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Content-Security-Policy", "default-src 'self';")
@@ -3932,9 +3943,7 @@ func (b *LocalBackend) handleQuad100Port80Conn(w http.ResponseWriter, r *http.Re
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
switch r.Host {
case "", tsaddr.TailscaleServiceIP().String(), tsaddr.TailscaleServiceIPv6().String():
default:
if !validQuad100Host(r.Host) {
http.Error(w, "bad request", http.StatusBadRequest)
return
}