oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(安全): 修复上游校验与 URL 清理问题

Browse Source 
增加请求阶段 DNS 解析校验,阻断重绑定到私网
补充默认透传 WWW-Authenticate 头,保留认证挑战
前端相对 URL 过滤拒绝 // 协议相对路径

测试: go test ./internal/repository -run TestGitHubReleaseServiceSuite
测试: go test ./internal/repository -run TestTurnstileServiceSuite
测试: go test ./internal/repository -run TestProxyProbeServiceSuite
测试: go test ./internal/repository -run TestClaudeUsageServiceSuite
This commit is contained in:
yangjianbo
2026-01-03 10:52:24 +08:00
parent bd4bf00856
commit 25e1632628
18 changed files with 168 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/src/utils/url.ts
View File

@@ -14,7 +14,7 @@ export function sanitizeUrl(value: string, options: SanitizeOptions = {}): strin
return ''
}
if (options.allowRelative && trimmed.startsWith('/')) {
if (options.allowRelative && trimmed.startsWith('/') && !trimmed.startsWith('//')) {
return trimmed
}