starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-11 03:27:20 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity
Files
3529fe0da16e9f79b34ce9d13cfcaf4035b9c751
headscale/hscontrol/types
History
Kristoffer Dalby 3529fe0da1 types: fix OIDC identifier path traversal dropping subject 
url.JoinPath resolves path-traversal segments like '..' and '.',
which silently drops the OIDC subject from the identifier. For
example, Iss='https://example.com' with Sub='..' produces
'https://example.com' — the subject is lost entirely. This causes
distinct OIDC users to receive colliding identifiers.

Replace url.JoinPath with simple string concatenation using a slash
separator. This preserves the subject literally regardless of its
content. url.PathEscape does not help because dots are valid URL
path characters and are not escaped.
2026-04-10 13:18:56 +01:00
..
change
types/change: fix slice aliasing in Change.Merge
2026-04-10 13:18:56 +01:00
testdata
Restore support for "Override local DNS" (#2438)
2025-04-17 17:16:59 +02:00
api_key.go
types: add MarshalZerologObject to domain types
2026-02-06 07:40:29 +01:00
common_test.go
mapper: produce map before poll (#2628)
2025-07-28 11:15:53 +02:00
common.go
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
config_test.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
config.go
types: add node.expiry config, deprecate oidc.expiry
2026-04-08 13:00:22 +01:00
const.go
improve testing of route failover logic
2024-04-15 12:31:53 +02:00
main_test.go
all: fix test flakiness and improve test infrastructure
2026-03-14 02:52:28 -07:00
node_benchmark_test.go
types: avoid NodeView clone in CanAccess
2026-02-26 19:15:07 -08:00
node_tags_test.go
all: upgrade to Go 1.26rc2 and modernize codebase
2026-02-08 12:35:23 +01:00
node_test.go
types: include ExitRoutes in HasNetworkChanges
2026-04-01 14:10:42 +01:00
node.go
types: fix nil panics in Owner() and TailscaleUserID() for orphaned nodes
2026-04-10 13:18:56 +01:00
policy.go
feat: implements apis for managing headscale policy (#1792)
2024-07-18 07:38:25 +02:00
preauth_key_test.go
all: upgrade to Go 1.26rc2 and modernize codebase
2026-02-08 12:35:23 +01:00
preauth_key.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
routes.go
Redo route code (#2422)
2025-02-26 16:22:55 +01:00
types_clone.go
all: regenerate generated files for new tool versions
2026-04-09 18:42:25 +01:00
types_view.go
all: regenerate generated files for new tool versions
2026-04-09 18:42:25 +01:00
users_test.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00
users.go
types: fix OIDC identifier path traversal dropping subject
2026-04-10 13:18:56 +01:00
version.go
all: fix golangci-lint issues (#3064)
2026-02-06 21:45:32 +01:00