if binding to 0.0.0.0, don't validate source ip in client api
This commit is contained in:
parent
4e96d18396
commit
7303cf041e
@ -54,9 +54,10 @@ class ClientAPISecurity:
|
||||
"""Validate request has set password & is the correct hostname."""
|
||||
# For the purpose of preventing DNS rebinding attacks
|
||||
localhost = True
|
||||
if request.host != '%s:%s' % \
|
||||
(client_api.host, client_api.bindPort):
|
||||
localhost = False
|
||||
if client_api.host != '0.0.0.0':
|
||||
if request.host != '%s:%s' % \
|
||||
(client_api.host, client_api.bindPort):
|
||||
localhost = False
|
||||
|
||||
if not localhost and public_remote_enabled:
|
||||
if request.host not in public_remote_hostnames:
|
||||
|
@ -91,7 +91,7 @@ class NetController:
|
||||
if '100' not in line.decode():
|
||||
logger.info(line.decode().strip(), terminal=True)
|
||||
if 'bootstrapped 100' in line.decode().lower():
|
||||
logger.info(line.decode())
|
||||
logger.info(line.decode(), terminal=True)
|
||||
break
|
||||
elif 'opening socks listener' in line.decode().lower():
|
||||
logger.debug(line.decode().replace('\n', ''))
|
||||
|
Loading…
Reference in New Issue
Block a user