Controller: Several security fixes. (#13069)

Co-authored-by: Tabitha Sable <tabitha.c.sable@gmail.com>
Marco Ebert 2025-03-25 00:00:39 +01:00 committed by GitHub
parent cfd4d89a56
commit 626305229f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 36 additions and 15 deletions


@ -875,7 +875,7 @@ stream {
{{ if not ( empty $server.CertificateAuth.MatchCN ) }}
{{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN | quote }} ) {
return 403 "client certificate unauthorized";
}
{{ end }}
@ -1077,7 +1077,7 @@ stream {
set $target {{ changeHostPort $externalAuth.URL $authUpstreamName }};
{{ else }}
proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }};
set $target {{ $externalAuth.URL }};
set $target {{ $externalAuth.URL | quote }};
{{ end }}
proxy_pass $target;
}
@ -1115,7 +1115,7 @@ stream {
{{ buildOpentelemetryForLocation $all.Cfg.EnableOpentelemetry $all.Cfg.OpentelemetryTrustIncomingSpan $location }}
{{ if $location.Mirror.Source }}
mirror {{ $location.Mirror.Source }};
mirror {{ $location.Mirror.Source | quote }};
mirror_request_body {{ $location.Mirror.RequestBody }};
{{ end }}
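Review bot: In the second hunk the `{{ else }}` branch now emits `set $target {{ $externalAuth.URL | quote }};`, but the sibling branch just above it still writes `set $target {{ changeHostPort $externalAuth.URL $authUpstreamName }};` unquoted, so the same URL value reaches the rendered config without the new escaping whenever that branch is taken. Unless `changeHostPort` is known to return only a parsed and re-serialised URL (its body is not visible here), pipe its result through the same helper: `set $target {{ changeHostPort $externalAuth.URL $authUpstreamName | quote }};`. Quoting keeps the value inside a single nginx string token, but whether nginx still expands a `$` inside that string depends on how `quote` escapes it, which these hunks do not show; a short template comment next to each quoted directive, such as `{{/* value is config-supplied: quoted here, validated where it is parsed */}}`, would record that the template is a second line of defence and not the only check. The enclosing `location` and `server` blocks start and end outside these hunks, so the other unquoted interpolations visible here (`ProxyHTTPVersion`, `Mirror.RequestBody`) could only be judged on these lines.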