Fix backwards compatibility code

The original code will not allow write access (set via the POST var) to endpoints for which read access is not granted. Before this fix, verify_access would allow write-only access to all endpoints if the POST var was set, regardless of read access.
pull/126/head
LifetimeMistake 4 weeks ago committed by GitHub
parent eb128120ed
commit 7275202d5e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -2,7 +2,7 @@ core.register_fetches("verify_access", function(txn, api)
-- env(api) check is kept for backwards compatibility
local read_allowed = txn.f:env(api) == "1" or txn.f:env(api .. "_READ") == "1"
-- env(POST) check is kept for backwards compatibility
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or txn.f:env("POST") == "1"
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or (read_allowed and txn.f:env("POST") == "1")
local method = txn.f:method()
local result = ((method == "GET" or method == "HEAD") and read_allowed)
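Review bot: The comment kept above `write_allowed` ("env(POST) check is kept for backwards compatibility") no longer describes the rule the new line enforces, and that rule is the security-relevant part of the change. Legacy `POST=1` now adds write access only for endpoints that are already readable, while `<api>_WRITE=1` still grants write on its own. I would state that invariant in the comment, e.g. `-- legacy POST=1 adds write only where read is already allowed; <api>_WRITE=1 grants write independently`, so a later cleanup does not restore the blanket grant. The verify_access body continues past the hunk, so how `result` treats methods other than GET/HEAD is not visible here; it is worth confirming that unlisted methods are denied by default.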
