tailscale/ipn/ipnlocal
Andrew Lytvynov decd9893e4
ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394)
If the client uses the default Tailscale control URL, validate that all
PopBrowserURLs are under tailscale.com or *.tailscale.com. This reduces
the risk of a compromised control plane opening phishing pages, for
example.

The client trusts control for many other things, but this is one easy
way to reduce that trust a bit.

Fixes #11393

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
9 months ago
testdata
breaktcp_darwin.go
breaktcp_linux.go
c2n.go ipn: apply tailnet-wide default for auto-updates (#10508) 12 months ago
c2n_pprof.go
c2n_test.go util/cmpx: delete now that we're using Go 1.22 10 months ago
cert.go ipn/ipnlocal: remove ancient transition mechanism for https certs 10 months ago
cert_js.go ipn/ipnlocal: add c2n method to check on TLS cert fetch status 1 year ago
cert_test.go all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 1 year ago
dnsconfig_test.go util/cmpx: delete now that we're using Go 1.22 10 months ago
expiry.go ssh/tailssh: use control server time instead of local time 1 year ago
expiry_test.go types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView 1 year ago
local.go ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394) 9 months ago
local_test.go ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394) 9 months ago
loglines_test.go
network-lock.go all: remove LenIter, use Go 1.22 range-over-int instead 9 months ago
network-lock_test.go ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile 1 year ago
peerapi.go ipn/ipnlocal: fix doctor API endpoint (#11155) 10 months ago
peerapi_h2c.go
peerapi_macios_ext.go
peerapi_test.go appc,ipn/ipnlocal: add app connector routes if any part of a CNAME chain is routed 10 months ago
profiles.go util/cmpx: remove code that's in the stdlib now 12 months ago
profiles_notwindows.go
profiles_test.go ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile 1 year ago
profiles_windows.go ipn/ipnlocal: better enforce system policies 12 months ago
serve.go all: remove LenIter, use Go 1.22 range-over-int instead 9 months ago
serve_test.go ipn,wgengine: only intercept TailFS traffic on quad 100 9 months ago
ssh.go ipnlocal: log failure to get ssh host keys 10 months ago
ssh_stub.go ipnlocal: log failure to get ssh host keys 10 months ago
ssh_test.go
state_test.go ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394) 9 months ago
tailfs.go ipn,cmd/tailscale,client/tailscale: add support for renaming TailFS shares 9 months ago
tailfs_test.go ipn,cmd/tailscale,client/tailscale: add support for renaming TailFS shares 9 months ago
web_client.go all: remove LenIter, use Go 1.22 range-over-int instead 9 months ago
web_client_stub.go ipn/ipnlocal: add mutex to webClient struct 1 year ago