summaryrefslogtreecommitdiffhomepage
path: root/control/controlknobs
diff options
context:
space:
mode:
authorAndrew Lytvynov <awly@tailscale.com>2024-03-13 17:31:07 -0700
committerGitHub <noreply@github.com>2024-03-13 18:31:07 -0600
commitdecd9893e48bf8aba31055088f44527c6d871802 (patch)
tree941a9971692752b101a3477adbe1f5acb90557fc /control/controlknobs
parent48eef9e6eb78532d6708a1dd0724ee7c5b0d4368 (diff)
downloadtailscale-decd9893e48bf8aba31055088f44527c6d871802.tar.xz
tailscale-decd9893e48bf8aba31055088f44527c6d871802.zip
ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394)
If the client uses the default Tailscale control URL, validate that all PopBrowserURLs are under tailscale.com or *.tailscale.com. This reduces the risk of a compromised control plane opening phishing pages for example. The client trusts control for many other things, but this is one easy way to reduce that trust a bit. Fixes #11393 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions