Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ListenAndServe allows access if ServerBindAddr isn't explicitly set #775

Closed
lenny-goodell opened this issue Mar 30, 2021 · 0 comments · Fixed by #776
Closed

ListenAndServe allows access if ServerBindAddr isn't explicitly set #775

lenny-goodell opened this issue Mar 30, 2021 · 0 comments · Fixed by #776
Assignees
@lenny-goodell
Labels
3-high priority denoting release-blocking issues breaking change bug Something isn't working security-review Pull requests that require review by a member of the Security WG
Milestone
Ireland

Comments

@lenny-goodell
Copy link
Member

This should be locking down to only ListenAndServe on the hostname if ServerBindAddr isn't explicitly set.

Code should be same as this in go-mod-bootstrap:
https://github.com/edgexfoundry/go-mod-bootstrap/blob/v2.0.0-dev.27/bootstrap/handlers/httpserver.go#L88
@lenny-goodell lenny-goodell added bug Something isn't working 3-high priority denoting release-blocking issues security-review Pull requests that require review by a member of the Security WG labels Mar 30, 2021
@lenny-goodell lenny-goodell added this to the Ireland milestone Mar 30, 2021
@lenny-goodell lenny-goodell self-assigned this Mar 30, 2021
lenny-goodell referenced this issue in lenny-goodell/app-functions-sdk-go Mar 30, 2021
fix: Fix webserver to use ServerBindAddr only is not blank as rest of…
7a64d1e 
… EdgeX Services

closes #775

Signed-off-by: lenny <[email protected]>
lenny-goodell referenced this issue in lenny-goodell/app-functions-sdk-go Mar 30, 2021
fix: Fix webserver to use ServerBindAddr only is not blank as rest of…
95cadb9 
… EdgeX Services

closes #775

BREAKING CHANGE: Webserver will be locked down to listen just to `Host` value when If `ServerBindAddr ` is blank

Signed-off-by: lenny <[email protected]>
@lenny-goodell lenny-goodell mentioned this issue Mar 30, 2021
Merged
12 tasks
@lenny-goodell lenny-goodell linked a pull request Mar 30, 2021 that will close this issue
fix: Fix webserver to use ServerBindAddr only if not blank as rest of EdgeX #776
Merged
12 tasks
lenny-goodell referenced this issue in lenny-goodell/app-functions-sdk-go Mar 30, 2021
fix: Fix webserver to use ServerBindAddr only is not blank as rest of…
ef21f22 
… EdgeX Services

closes #775

BREAKING CHANGE: Webserver will be locked down to listen just to `Host` value when If `ServerBindAddr ` is blank

Signed-off-by: lenny <[email protected]>
lenny-goodell referenced this issue in lenny-goodell/app-functions-sdk-go Mar 31, 2021
fix: Fix webserver to use ServerBindAddr only is not blank as rest of…
af5bee8 
… EdgeX Services

closes #775

BREAKING CHANGE: Webserver will be locked down to listen just to `Host` value when If `ServerBindAddr ` is blank

Signed-off-by: lenny <[email protected]>
lenny-goodell added a commit that referenced this issue Mar 31, 2021
@lenny-goodell
fix: Fix webserver to use ServerBindAddr only is not blank as rest of…
1fb879a 
… EdgeX Services (#776)

closes #775

BREAKING CHANGE: Webserver will be locked down to listen just to `Host` value when If `ServerBindAddr ` is blank

Signed-off-by: lenny <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lenny-goodell lenny-goodell

Labels
3-high priority denoting release-blocking issues breaking change bug Something isn't working security-review Pull requests that require review by a member of the Security WG
Projects
None yet
Milestone
Ireland
1 participant
@lenny-goodell