ws: Conditionally block channel requests to remote hosts

When AllowMultiHost is false, cockpit-ws will reject all GET requests that would load from a non-localhost bridge.
cockpit-project · Sep 13, 2024 · eed5f67 · eed5f67
1 parent 6592eda
commit eed5f67
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/ws/cockpitchannelresponse.c b/src/ws/cockpitchannelresponse.c
@@ -601,6 +601,7 @@ cockpit_channel_response_serve (CockpitWebService *service,
   gchar *channel = NULL;
   gpointer key;
   gpointer value;
+  gboolean allow_multihost;
 
   g_return_if_fail (COCKPIT_IS_WEB_SERVICE (service));
   g_return_if_fail (in_headers != NULL);
@@ -614,6 +615,14 @@ cockpit_channel_response_serve (CockpitWebService *service,
       goto out;
     }
 
+  allow_multihost = cockpit_conf_bool ("WebService", "AllowMultiHost", ALLOW_MULTIHOST_DEFAULT);
+  if (!allow_multihost && g_strcmp0 (host, "localhost") != 0)
+    {
+      cockpit_web_response_error (response, 403, NULL, NULL);
+      handled = TRUE;
+      goto out;
+    }
+
   if (quoted_etag)
     {
       cache_type = COCKPIT_WEB_RESPONSE_CACHE;