arno/docker-socket-proxy
1
0
Fork 0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2024-12-22 06:38:07 +00:00
Code Issues Releases Wiki Activity

Fix backwards compatibility code

Browse Source 
The original code will not allow write access (set via the POST var) to endpoints to which read access is not provided. Before this fix, verify_access would allow write-only access to all endpoints if the POST var was set regardless of read access.
This commit is contained in:
LifetimeMistake 2024-04-14 16:09:11 +02:00 committed by GitHub
parent eb128120ed
commit 7275202d5e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
verify.lua
View File

@ -2,7 +2,7 @@ core.register_fetches("verify_access", function(txn, api)
-- env(api) check is kept for backwards compatibility
local read_allowed = txn.f:env(api) == "1" or txn.f:env(api .. "_READ") == "1"
-- env(POST) check is kept for backwards compatibility
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or txn.f:env("POST") == "1"
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or (read_allowed and txn.f:env("POST") == "1")
local method = txn.f:method()
local result = ((method == "GET" or method == "HEAD") and read_allowed)