Project

General

Profile

Bug #6589

Trusted host list seems to be ignored

Added by Martin Milata over 6 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

The trusted host list does not seem to be used (migrate_settings.rb only moves the configuration value around).

~/smart-proxy$ git grep -l trusted_hosts       
config/settings.yml.example
extra/migrate_settings.rb
test/migration_settings.yml
test/migration_test.rb

If you decide to bring back the check, I would really appreciate if it was possible to exclude some REST API paths from the check because the ABRT plugin needs to accept problem reports even from untrusted hosts.


Related issues

Has duplicate Smart Proxy - Bug #5651: The 'trusted_hosts' config key has an unintuitive (and potentially dangerous) behaviorDuplicate2014-05-09

Associated revisions

Revision 0c9a01b6 (diff)
Added by Dominic Cleal over 6 years ago

fixes #6589 - add trusted_hosts check back

History

#1 Updated by Dominic Cleal over 6 years ago

  • Legacy Backlogs Release (now unused) set to 10

#2 Updated by Dominic Cleal over 6 years ago

  • Assignee set to Dominic Cleal

#3 Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.5
  • Pull request https://github.com/theforeman/smart-proxy/pull/195 added
  • Pull request deleted ()

#4 Updated by Dominic Cleal over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal about 6 years ago

  • Has duplicate Bug #5651: The 'trusted_hosts' config key has an unintuitive (and potentially dangerous) behavior added

Also available in: Atom PDF