| author | Andrew Lytvynov <awly@tailscale.com> | 2024-03-13 17:31:07 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-13 18:31:07 -0600 |
| commit | decd9893e48bf8aba31055088f44527c6d871802 (patch) | |
| tree | 941a9971692752b101a3477adbe1f5acb90557fc /control/controlknobs | |
| parent | 48eef9e6eb78532d6708a1dd0724ee7c5b0d4368 (diff) | |

ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394)

If the client uses the default Tailscale control URL, validate that all
PopBrowserURLs are under tailscale.com or *.tailscale.com. This reduces
the risk of a compromised control plane opening phishing pages for
example.

The client trusts control for many other things, but this is one easy
way to reduce that trust a bit.

Fixes #11393

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions
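
The domain rule stated in the commit message, sketched as an added example; it is not the code from the Tailscale commit, whose diff is not shown on this page. The function name `allowedPopBrowserURL`, the https-only rule and the sample URLs are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedPopBrowserURL is a hypothetical helper for this example, not the
// function from the Tailscale commit. It reports whether rawURL points at
// tailscale.com or *.tailscale.com, the rule the commit message states.
func allowedPopBrowserURL(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	// Assumption of this example: only https links are accepted.
	if u.Scheme != "https" {
		return false
	}
	// Hostname() drops the port and any "user@" prefix, so the check runs
	// on the host the browser would actually contact.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	// Compare on a label boundary: a bare HasSuffix(host, "tailscale.com")
	// would also accept "eviltailscale.com".
	return host == "tailscale.com" || strings.HasSuffix(host, ".tailscale.com")
}

func main() {
	// Constructed sample URLs; evil.example is a placeholder domain.
	samples := []string{
		"https://login.tailscale.com/a/0123456789",
		"https://tailscale.com:443/kb",
		"https://eviltailscale.com/login",
		"https://tailscale.com.evil.example/login",
		"https://tailscale.com@evil.example/login",
		"https://evil.example/?next=https://login.tailscale.com/",
		"http://login.tailscale.com/",
	}
	for _, s := range samples {
		fmt.Printf("%-58s allowed=%v\n", s, allowedPopBrowserURL(s))
	}
}
```

Only the first two samples are accepted; the rest fail on the label-boundary comparison, the userinfo trick, the query-string decoy, or the scheme.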
