You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/ipn
Will Norris 6b956b49e0 client/web: add some security checks for full client
Require that requests to servers in manage mode are made to the
Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various
security headers on those responses.  These might be too restrictive,
but we can relax them as needed.

Allow requests to /ok (even in manage mode) with no checks. This will be
used for the connectivity check from a login client to see if the
management client is reachable.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>
1 year ago
..
conffile ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key 1 year ago
ipnauth ipn/ipnauth: improve the Windows token administrator check 1 year ago
ipnlocal client/web: add some security checks for full client 1 year ago
ipnserver ipn/ipnauth: improve the Windows token administrator check 1 year ago
ipnstate client/web: restrict full management client behind browser sessions 1 year ago
localapi ipn/localapi: make serveTKASign require write permission (#10094) 1 year ago
policy ipn: prefer allow/denylist terminology 2 years ago
store cmd/k8s-operator,ipn/store/kubestore: patch secrets instead of updating 1 year ago
backend.go cmd/tailscale,ipn/ipnlocal: print debug component names 1 year ago
conf.go ipn: add user pref for running web client 1 year ago
doc.go all: update copyright and license headers 2 years ago
fake_test.go all: update copyright and license headers 2 years ago
ipn_clone.go ipn: introduce app connector advertisement preference and flags 1 year ago
ipn_test.go net/packet: split off checksum munging into different pkg 1 year ago
ipn_view.go ipn: introduce app connector advertisement preference and flags 1 year ago
prefs.go ipn: introduce app connector advertisement preference and flags 1 year ago
prefs_test.go ipn: introduce app connector advertisement preference and flags 1 year ago
serve.go ipn/localapi: require local Windows admin to set serve path (#9969) 1 year ago
serve_test.go ipn/localapi: require local Windows admin to set serve path (#9969) 1 year ago
store.go ipn: avoid useless no-op WriteState calls 1 year ago
store_test.go ipn: avoid useless no-op WriteState calls 1 year ago