مراية لـ
https://github.com/postalserver/postal.git
تم المزامنة 2025-12-01 05:43:04 +00:00
feat: configurable trusted proxies for web requests
هذا الالتزام موجود في:
Adam Cooke
@@ -1,15 +1,10 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
module Rack
|
Rack::Request.ip_filter = lambda { |ip|
|
||||||
class Request
|
if Postal::Config.postal.trusted_proxies.any? { |net| net.include?(ip) } ||
|
||||||
|
ip.match(/\A127\.0\.0\.1\Z|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i)
|
||||||
module Helpers
|
true
|
||||||
|
else
|
||||||
def trusted_proxy?(ip)
|
false
|
||||||
ip =~ /^127\.0\.0\.1$|^localhost$|^unix$$/i
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
}
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ This document contains all the environment variables which are available for thi
|
|||||||
| `POSTAL_USE_RESENT_SENDER_HEADER` | Boolean | Append a Resend-Sender header to all outgoing e-mails | true |
|
| `POSTAL_USE_RESENT_SENDER_HEADER` | Boolean | Append a Resend-Sender header to all outgoing e-mails | true |
|
||||||
| `POSTAL_SIGNING_KEY_PATH` | String | Path to the private key used for signing | config/postal/signing.key |
|
| `POSTAL_SIGNING_KEY_PATH` | String | Path to the private key used for signing | config/postal/signing.key |
|
||||||
| `POSTAL_SMTP_RELAYS` | Array of strings | An array of SMTP relays in the format of smtp://host:port | |
|
| `POSTAL_SMTP_RELAYS` | Array of strings | An array of SMTP relays in the format of smtp://host:port | |
|
||||||
|
| `POSTAL_TRUSTED_PROXIES` | Array of strings | An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses) | |
|
||||||
| `WEB_SERVER_DEFAULT_PORT` | Integer | The default port the web server should listen on unless overriden by the PORT environment variable | 5000 |
|
| `WEB_SERVER_DEFAULT_PORT` | Integer | The default port the web server should listen on unless overriden by the PORT environment variable | 5000 |
|
||||||
| `WEB_SERVER_DEFAULT_BIND_ADDRESS` | String | The default bind address the web server should listen on unless overriden by the BIND_ADDRESS environment variable | 127.0.0.1 |
|
| `WEB_SERVER_DEFAULT_BIND_ADDRESS` | String | The default bind address the web server should listen on unless overriden by the BIND_ADDRESS environment variable | 127.0.0.1 |
|
||||||
| `WEB_SERVER_MAX_THREADS` | Integer | The maximum number of threads which can be used by the web server | 5 |
|
| `WEB_SERVER_MAX_THREADS` | Integer | The maximum number of threads which can be used by the web server | 5 |
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ postal:
|
|||||||
signing_key_path: config/postal/signing.key
|
signing_key_path: config/postal/signing.key
|
||||||
# An array of SMTP relays in the format of smtp://host:port
|
# An array of SMTP relays in the format of smtp://host:port
|
||||||
smtp_relays: []
|
smtp_relays: []
|
||||||
|
# An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses)
|
||||||
|
trusted_proxies: []
|
||||||
|
|
||||||
web_server:
|
web_server:
|
||||||
# The default port the web server should listen on unless overriden by the PORT environment variable
|
# The default port the web server should listen on unless overriden by the PORT environment variable
|
||||||
|
|||||||
@@ -84,6 +84,12 @@ module Postal
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
string :trusted_proxies do
|
||||||
|
array
|
||||||
|
description "An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses)"
|
||||||
|
transform { |ip| IPAddr.new(ip) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
group :web_server do
|
group :web_server do
|
||||||
|
|||||||
المرجع في مشكلة جديدة
حظر مستخدم