author: Patrick O'Doherty <patrick@tailscale.com> 2025-05-22 12:26:02 -0700
committer: GitHub <noreply@github.com> 2025-05-22 12:26:02 -0700
commit: a05924a9e5018da6f64fd92eb9ba37e599cab567
tree: cbde6e6df234c63dbc35f60b439898c9f86105a8 /control/controlhttp/controlhttpserver/controlhttpserver.go
parent: 3ee4c60ff0257d11842523c1c59492345030dce2
client/web: add Sec-Fetch-Site CSRF protection (#16046)
RELNOTE=Fix CSRF errors in the client Web UI

Replace gorilla/csrf with a Sec-Fetch-Site based CSRF protection middleware that falls back to comparing the Host & Origin headers if no SFS value is passed by the client.

Add an -origin override to the web CLI that allows callers to specify the origin at which the web UI will be available if it is hosted behind a reverse proxy or within another application via CGI.

Updates #14872
Updates #15065

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')
0 files changed, 0 insertions, 0 deletions
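
The check the commit message describes, as an added Go example (not Tailscale's code and not part of this commit): Sec-Fetch-Site decides when present, otherwise Origin is compared with Host or with a configured origin. The names `csrfAllowed`, `protect`, `post` and `override`, the sample address, the exemption for GET/HEAD and the fail-closed handling of requests carrying neither header are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// csrfAllowed reports whether r may reach a state-changing handler. override
// (hypothetical) is the public origin behind a reverse proxy; "" compares to Host.
func csrfAllowed(r *http.Request, override string) bool {
	if r.Method == http.MethodGet || r.Method == http.MethodHead {
		return true // assumption: safe methods are exempt
	}
	if sfs := r.Header.Get("Sec-Fetch-Site"); sfs != "" { // set by the browser itself
		return sfs == "same-origin" // assumption: nothing else is accepted
	}
	origin := r.Header.Get("Origin") // fallback when Sec-Fetch-Site is absent
	if origin == "" {
		return false // assumption: fail closed when neither header is present
	}
	if override != "" {
		return origin == override
	}
	u, err := url.Parse(origin)
	return err == nil && u.Host != "" && u.Host == r.Host
}

// protect wraps next and answers 403 to requests that fail the check.
func protect(next http.Handler, override string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !csrfAllowed(r, override) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// post builds a constructed POST; csrfAllowed treats an empty value as absent.
func post(sfs, origin string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, "http://100.64.0.1:5252/api/data", nil)
	r.Header.Set("Sec-Fetch-Site", sfs)
	r.Header.Set("Origin", origin)
	return r
}

func main() { fmt.Println(csrfAllowed(post("", "https://other.example"), "")) }
```

With an override configured, the fallback compares Origin with that value instead of Host, which is the case where a reverse proxy rewrites the Host header the backend sees.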