You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/ipn/ipnlocal
Will Norris 6b956b49e0 client/web: add some security checks for full client
Require that requests to servers in manage mode are made to the
Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various
security headers on those responses.  These might be too restrictive,
but we can relax them as needed.

Allow requests to /ok (even in manage mode) with no checks. This will be
used for the connectivity check from a login client to see if the
management client is reachable.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>
1 year ago
..
testdata ipn/ipnlocal: fix the path for writing cert files (#7203) 2 years ago
breaktcp_darwin.go cmd/tailscale: add debug commands to break connections 1 year ago
breaktcp_linux.go cmd/tailscale: add debug commands to break connections 1 year ago
c2n.go clientupdate: distinguish when auto-updates are possible (#9896) 1 year ago
c2n_pprof.go tailcfg: move LogHeapPprof from Debug to c2n [capver 69] 1 year ago
cert.go ipn/ipnlocal: do unexpired cert renewals in the background 1 year ago
cert_js.go ipn/ipnlocal: do unexpired cert renewals in the background 1 year ago
cert_test.go all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 1 year ago
dnsconfig_test.go types/netmap: remove NetworkMap.{Addresses,MachineStatus} 1 year ago
expiry.go types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView 1 year ago
expiry_test.go types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView 1 year ago
local.go client/web: add some security checks for full client 1 year ago
local_test.go appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc 1 year ago
loglines_test.go tsd: add package with System type to unify subsystem init, discovery 2 years ago
network-lock.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 1 year ago
network-lock_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 1 year ago
peerapi.go ipn/ipnlocal,tailcfg: add AppConnector service to HostInfo when configured 1 year ago
peerapi_h2c.go all: update copyright and license headers 2 years ago
peerapi_macios_ext.go all: update copyright and license headers 2 years ago
peerapi_test.go appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc 1 year ago
profiles.go Revert "ipn/ipnlocal: add new DNS and subnet router policies" (#9962) 1 year ago
profiles_notwindows.go ipn/ipnlocal: fix profile duplication 1 year ago
profiles_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 1 year ago
profiles_windows.go Revert "ipn/ipnlocal: add new DNS and subnet router policies" (#9962) 1 year ago
serve.go ipn/ipnlocal: prevent changing serve config if conf.Locked 1 year ago
serve_test.go ipn/ipnlocal: close connections for removed proxy transports (#9884) 1 year ago
ssh.go all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 1 year ago
ssh_stub.go all: update copyright and license headers 2 years ago
ssh_test.go ipn/ipnlocal: drop not required StateKey parameter 2 years ago
state_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 1 year ago
web_client.go client/web: add some security checks for full client 1 year ago
web_client_stub.go client/web: add some security checks for full client 1 year ago