Commit graph

2 commits

Author SHA1 Message Date
d076196bac service.py: SSRF protection — reject local transport, add --allowed-hosts
The preview endpoint is co-hosted with a specific Forgejo instance, so it
should only be allowed to fetch from that host.

- Local file transport (ifc:///path) is always rejected with 403 — the service
  must not read from the server's own filesystem
- New --allowed-hosts CLI option for `ifcurl serve` takes a comma-separated
  list of permitted git hostnames (e.g. git.example.com or localhost:3000);
  any unlisted host is rejected with 403
- Defense-in-depth: literal private/loopback/link-local IP addresses are
  blocked even without an allowlist (169.254.x.x, 127.x, RFC1918, etc.)
- README and forgejo/README.md updated to include --allowed-hosts in the
  standard deployment invocation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 08:26:37 +01:00
e02ba0e214 forgejo: complete patch directory with apply instructions
Add the missing Go source files and a README covering the full apply
procedure. Previously only custom assets and the test file were tracked
here; ifc_url.go and the two-file diff were only in the Forgejo tree.

- forgejo/modules/markup/markdown/ifc_url.go — goldmark extension source
- forgejo/go.patch — diff for markdown.go + markup.go (7 lines total)
- forgejo/README.md — step-by-step: apply patch, run tests, build,
  deploy assets, configure app.ini, upgrade procedure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 07:57:33 +01:00