hub / github.com/caddyserver/caddy / checkHost

Method checkHost

admin.go:925–936

checkHost returns a handler that wraps next such that it will only be called if the request's Host header matches a trustworthy/expected value. This helps to mitigate DNS rebinding attacks.

(r *http.Request)

Source from the content-addressed store, hash-verified

// a trustworthy/expected value. This helps to mitigate DNS
// rebinding attacks.
func (h adminHandler) checkHost(r *http.Request) error {
	allowed := slices.ContainsFunc(h.allowedOrigins, func(u *url.URL) bool {
		return r.Host == u.Host
	})
	if !allowed {
		return APIError{
			HTTPStatus: http.StatusForbidden,
			Err:        fmt.Errorf("host not allowed: %s", r.Host),
		}
	}
	return nil
}

// checkOrigin ensures that the Origin header, if
// set, matches the intended target; prevents arbitrary
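
Added example, not Caddy's own code: a stand-alone middleware that applies the same exact `r.Host == u.Host` comparison as checkHost, exercised with constructed Host headers so the accept and reject cases are visible. The names `hostGuard`, `newGuard` and `statusFor`, the request path and the sample host values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"slices"
)

// hostGuard is a hypothetical stand-in for the admin handler (assumption).
type hostGuard struct{ allowedOrigins []*url.URL }

// newGuard builds a guard from constructed host:port values.
func newGuard(hosts ...string) hostGuard {
	var g hostGuard
	for _, h := range hosts {
		g.allowedOrigins = append(g.allowedOrigins, &url.URL{Host: h})
	}
	return g
}

// wrap answers 403 unless r.Host is byte-for-byte equal to an allowed host:port.
func (g hostGuard) wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !slices.ContainsFunc(g.allowedOrigins, func(u *url.URL) bool { return r.Host == u.Host }) {
			http.Error(w, "host not allowed: "+r.Host, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed request with the given Host through the guard.
func statusFor(g hostGuard, host string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Host = host
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	g.wrap(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	g := newGuard("localhost:2019", "127.0.0.1:2019", "[::1]:2019")
	for _, h := range []string{"localhost:2019", "[::1]:2019", "rebind.attacker.example:2019", "localhost", "LOCALHOST:2019"} {
		fmt.Printf("%-30s -> %d\n", h, statusFor(g, h))
	}
}
```

The last two sample hosts are refused because the comparison is an exact string match on host and port, so every name a legitimate client sends in the Host header has to be present in the allowlist.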

Callers 1

serveHTTPMethod · 0.95

Calls

no outgoing calls

Tested by

no test coverage detected