Ignore Even More Headers (#645)
davidnewhall authored Jan 6, 2024
2 parents 4de1abf + 4335ad9 commit b6bd577
Showing 1 changed file with 24 additions and 17 deletions.
41 changes: 24 additions & 17 deletions pkg/bindata/templates/profile.html
Expand Up @@ -108,27 +108,34 @@ <h4>No Password</h4>
<td>
<select id="AuthHeader" name="AuthHeader" class="profile-parameter form-control input-sm" type="select">
{{- range $header, $val := .Headers }}
{{- /* Hide some headers, but not the one that's currently selected. */ -}}
{{- /* Ignored Headers. Hide some headers, but not the one that's currently selected. */ -}}
{{ if or (eq (lower $header) (lower $.Config.UIPassword.Header)) (and
(ne (lower $header) "accept") (ne (lower $header) "accept-encoding")
(ne (lower $header) "accept-language") (ne (lower $header) "cache-control")
(ne (lower $header) "cdn-loop") (ne (lower $header) "cf-connecting-ip")
(ne (lower $header) "cf-ipcountry") (ne (lower $header) "cf-ray")
(ne (lower $header) "cf-visitor") (ne (lower $header) "connection")
(ne (lower $header) "cookie") (ne (lower $header) "dnt")
(ne (lower $header) "expect") (ne (lower $header) "pragma")
(ne (lower $header) "priority") (ne (lower $header) "referer")
(ne (lower $header) "sec-ch-ua") (ne (lower $header) "sec-ch-ua-mobile")
(ne (lower $header) "sec-ch-ua-platform") (ne (lower $header) "sec-fetch-dest")
(ne (lower $header) "sec-fetch-mode") (ne (lower $header) "sec-fetch-site")
(ne (lower $header) "strict-transport-security") (ne (lower $header) "te")
(ne (lower $header) "upgrade-insecure-requests") (ne (lower $header) "user-agent")
(ne (lower $header) "x-content-type-options") (ne (lower $header) "x-forwarded-for")
(ne (lower $header) "x-forwarded-host") (ne (lower $header) "x-forwarded-method")
(ne (lower $header) "x-forwarded-proto") (ne (lower $header) "x-forwarded-ssl")
(ne (lower $header) "x-forwarded-uri") (ne (lower $header) "x-noticlient-username")
(ne (lower $header) "x-original-uri") (ne (lower $header) "x-real-ip")
(ne (lower $header) "x-redacted-uri") (ne (lower $header) "x-request-id")
(ne (lower $header) "cf-ipcity") (ne (lower $header) "cf-ipcontinent")
(ne (lower $header) "cf-ipcountry") (ne (lower $header) "cf-iplatitude")
(ne (lower $header) "cf-iplongitude") (ne (lower $header) "cf-metro-code")
(ne (lower $header) "cf-postal-code") (ne (lower $header) "cf-ray")
(ne (lower $header) "cf-region") (ne (lower $header) "cf-region-code")
(ne (lower $header) "cf-timezone") (ne (lower $header) "cf-visitor")
(ne (lower $header) "connection") (ne (lower $header) "cookie")
(ne (lower $header) "dnt") (ne (lower $header) "expect")
(ne (lower $header) "pragma") (ne (lower $header) "priority")
(ne (lower $header) "referer") (ne (lower $header) "sec-ch-ua")
(ne (lower $header) "sec-ch-ua-mobile") (ne (lower $header) "sec-ch-ua-platform")
(ne (lower $header) "sec-fetch-dest") (ne (lower $header) "sec-fetch-mode")
(ne (lower $header) "sec-fetch-site") (ne (lower $header) "strict-transport-security")
(ne (lower $header) "te") (ne (lower $header) "upgrade-insecure-requests")
(ne (lower $header) "user-agent") (ne (lower $header) "x-content-type-options")
(ne (lower $header) "x-forwarded-for") (ne (lower $header) "x-forwarded-host")
(ne (lower $header) "x-forwarded-method") (ne (lower $header) "x-forwarded-port")
(ne (lower $header) "x-forwarded-proto") (ne (lower $header) "x-forwarded-server")
(ne (lower $header) "x-forwarded-ssl") (ne (lower $header) "x-forwarded-uri")
(ne (lower $header) "x-noticlient-username") (ne (lower $header) "x-original-method")
(ne (lower $header) "x-original-uri") (ne (lower $header) "x-original-url")
(ne (lower $header) "x-real-ip") (ne (lower $header) "x-redacted-uri")
(ne (lower $header) "x-request-id")

)}}
<option value="{{$header}}"{{if eq (lower $header) (lower $.Config.UIPassword.Header)}} selected{{end}}>{{$header}}: {{index $val 0}}</option>
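Review bot: The ignore list on the new side is a denylist that fails open: every header not named in the `and (ne …)` chain is offered in the `AuthHeader` select, and the `option` line prints its first value through `{{index $val 0}}`. Neither `authorization` nor `proxy-authorization` is in the chain, so a request carrying either one would have its credential written into the profile page; I would add `(ne (lower $header) "authorization") (ne (lower $header) "proxy-authorization")`. Judging by the names `AuthHeader` and `.Config.UIPassword.Header`, the selected header appears to be what the UI trusts for login, so the comment above the list should also say that only a header the reverse proxy sets itself and strips from client requests is safe to pick. As a style point, the chain re-evaluates `lower $header` for every entry and has to be kept sorted by hand; binding it once with `{{- $h := lower $header -}}`, or moving the set into Go behind a single template function, would make the list easier to review and test. The `{{end}}` tags that close this `if` and the `range` lie outside the hunk.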