Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: Allow loopback hosts for admin endpoint (fix #5650) #5664

Merged
merged 1 commit into from
Aug 2, 2023
Merged

core: Allow loopback hosts for admin endpoint (fix #5650) #5664

merged 1 commit into from
Aug 2, 2023

Conversation

mholt
Copy link
Member

@mholt mholt commented Jul 31, 2023

This should actually be a non-breaking change, since previously we only allowed the empty Host for unix sockets. We still allow that, but turns out the most popular clients used with the admin API (Caddy's CLI and curl) don't allow empty hostnames anymore:

Anyway, this is mildly infuriating because we can no longer be compliant with RFC 2616 Section 14.26 as Go requires setting a host. But it's the best we can do.

We could disable the security checks completely for unix sockets -- and the infosec community has assured me that doing so would be safe -- but I am not ready to trust that, for instance, browsers won't always forbid access to unix sockets in the future (or maybe they have a bug). But as long as they enforce CORS we can at least have reasonable assurance that a host of 127.0.0.1 or ::1 mean the request comes from a local website. Additionally, unix sockets can have system permissions used to restrict access.

In #5650 I decided that we'd use 127.0.0.1 as a "bogus" host and continue to enforce our host/origin checks, while allowing 127.0.0.1 and ::1 as possible values.

I think this is relatively conservative, so if there's any major issues with good technical reasoning we can reconsider this approach if need be.

Ultimately I view this as a very minor regression due to an upstream patch that we're working around.

@mholt mholt added bug 🐞 Something isn't working upstream ⬆️ Relates to some dependency of this project labels Jul 31, 2023
@mholt mholt added this to the v2.7.0 milestone Jul 31, 2023
@mholt mholt linked an issue Jul 31, 2023 that may be closed by this pull request
go 1.20.6 host validation breaks setting Host to a unix socket address thus caddy reload over UDS #5650
Closed
@lukeyeager
Copy link

Thanks for handling this with urgency. FWIW, I tested this change and it does appear to fix #5650.

@mholt
Copy link
Member Author

mholt commented Aug 2, 2023

Thank you for confirming!

@mholt mholt merged commit f66493e into master Aug 2, 2023
19 checks passed
@mholt mholt deleted the admin-unix branch August 2, 2023 17:13
xiayesuifeng added a commit to xiayesuifeng/gopanel that referenced this pull request Aug 4, 2023
@xiayesuifeng
fix(caddyManager): add host for caddy admin unix socket address
3269436 
Starting from Go 1.20.6 (net/http: go 1.20.6 host validation breaks
setting Host to a unix socket address golang/go#61431) calling unix
socket address no longer allows Host to be empty, Allow loopback hosts
for admin endpoint from (caddyserver/caddy#5664)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug 🐞 Something isn't working upstream ⬆️ Relates to some dependency of this project
Projects
None yet
Milestone
v2.7.0
Development

Successfully merging this pull request may close these issues.

go 1.20.6 host validation breaks setting Host to a unix socket address thus caddy reload over UDS
2 participants
@mholt @lukeyeager