enhance security by enforcing strict SameSite cookies, validating OIDC callback host, and improving path matching logic

This commit is contained in:
Eduardo Silva
2026-03-16 19:35:24 -03:00
parent 3a8d807665
commit bf1991457a
5 changed files with 25 additions and 5 deletions


@@ -109,6 +109,10 @@ def build_caddyfile(apps, auth_policies, routes):
base, upstream_path = split_upstream(upstream)
lines.append(f"{', '.join(hosts)} {{")
lines.append(" # Security: overwrite client-supplied forwarding headers with verified values")
lines.append(" request_header X-Forwarded-For {remote_host}")
lines.append(" request_header -X-Forwarded-Host")
lines.append("")
emit_auth_portal()
for static_route in static_routes: