1
0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2024-12-31 10:50:56 +00:00

Fix backwards compatibility code

The original code will not allow write access (set via the POST var) to endpoints to which read access is not provided. Before this fix, verify_access would allow write-only access to all endpoints if the POST var was set regardless of read access.
This commit is contained in:
LifetimeMistake 2024-04-14 16:09:11 +02:00 committed by GitHub
parent eb128120ed
commit 7275202d5e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -2,7 +2,7 @@ core.register_fetches("verify_access", function(txn, api)
-- env(api) check is kept for backwards compatibility
local read_allowed = txn.f:env(api) == "1" or txn.f:env(api .. "_READ") == "1"
-- env(POST) check is kept for backwards compatibility
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or txn.f:env("POST") == "1"
local write_allowed = txn.f:env(api .. "_WRITE") == "1" or (read_allowed and txn.f:env("POST") == "1")
local method = txn.f:method()
local result = ((method == "GET" or method == "HEAD") and read_allowed)