andreas/ente-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict museum routes to primary host

Browse Source
This commit is contained in:
Andreas Dueren
2025-11-20 12:36:02 -06:00
parent 6ff0b1756d
commit ef00dde487
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
start.sh
View File

@@ -1219,7 +1219,9 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
respond 204
}
handle_path /api/* {
@api_host host ${PHOTOS_HOST}
handle @api_host {
handle_path /api/* {
@api_cors_path header Origin *
header @api_cors_path {
Access-Control-Allow-Origin {http.request.header.Origin}
@@ -1236,6 +1238,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
}
handle /health {
@@ -1272,6 +1275,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
}
@museum_api_get_path {
host ${PHOTOS_HOST}
method GET HEAD
path_regexp museum_api_get_path ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
}
@@ -1285,6 +1289,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
}
@write_methods_path {
host ${PHOTOS_HOST}
not method GET
not method HEAD
}