gitforge/modules/setting
elle 540551acf2 federation: protect against SSRF attacks (#11795)
Adds an extra check to ensure the `keyId` and `actorId` included in signed requests and actor records point back to the originating host.

This check prevents server-side request forgery (SSRF) attacks where a carefully crafted request could be used to trick a federation server into making requests to arbitrary hosts and ports.

Further refactors can make these checks more robust, but would better fit after other existing refactor PRs are merged.

Related: https://codeberg.org/forgejo/forgejo/issues/11779

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11795
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-07-08 02:03:17 +02:00
..
config
actions.go chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
actions_test.go chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
admin.go feat: add manage_password to user disable features (#10541) 2026-01-26 18:58:39 +01:00
admin_test.go
api.go
asset_dynamic.go
asset_static.go
attachment.go
attachment_test.go
authorized_integration.go feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
badges.go
cache.go ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
camo.go
config.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
config_env.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
config_env_test.go
config_provider.go
config_provider_test.go
cors.go
cron.go
cron_test.go
database.go chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
database_sqlite.go
database_test.go feat: Add support for loading db password from file via PASSD_URI (#10421) 2025-12-18 20:55:56 +01:00
disposable_email_domain_data.go
f3.go chore: update gof3/v3 v3.11.15 (#10673) 2026-01-13 16:59:56 +01:00
f3_test.go chore: update gof3/v3 v3.11.15 (#10673) 2026-01-13 16:59:56 +01:00
federation.go federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
forgejo_storage_test.go
git.go feat: fsck incoming objects (#12695) 2026-05-25 14:51:04 +02:00
git_test.go feat: fsck incoming objects (#12695) 2026-05-25 14:51:04 +02:00
highlight.go
i18n.go
incoming_email.go ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
incoming_email_test.go
indexer.go Add code search with zoekt support (#8827) 2026-05-28 20:52:34 +02:00
indexer_test.go
lfs.go chore: remove #11024 workarounds (#12301) 2026-05-01 22:10:10 +02:00
lfs_test.go
log.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
log_test.go
mailer.go ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
mailer_test.go
markup.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
metrics.go
migrations.go
mime_type_map.go
mirror.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
moderation.go
oauth2.go feat: add option to use preferred_username claim when registering users via oauth2 (#12504) 2026-05-18 00:14:46 +02:00
oauth2_test.go
other.go
packages.go
packages_test.go
path.go
path_test.go
picture.go
project.go
proxy.go
pwa.go Move web app manifest to a own cache-able route and add a setting to set "display": "standalone"; Closes #2638 (#5384) 2026-01-09 17:49:29 +01:00
queue.go
quota.go
quota_test.go
repository.go fix(ui)!: remove squash merge committer trailer admin option (#11096) 2026-02-07 12:58:26 +01:00
repository_archive.go
repository_archive_test.go
repository_test.go
security.go chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
server.go fix: terminate git (& other) subcommands gracefully on context timeout/cancellation (#13263) 2026-07-01 20:26:02 +02:00
server_test.go
service.go feat: setting to add team members by invitations (#12845) 2026-06-15 01:46:25 +02:00
service_test.go
session.go branding!: make cookies brand independent (#10645) 2026-03-19 04:34:27 +01:00
setting.go chore(docs): clarify the bootstrap fatal error message displayed when no config is found (#13268) 2026-07-01 15:59:39 +02:00
setting_test.go Move web app manifest to a own cache-able route and add a setting to set "display": "standalone"; Closes #2638 (#5384) 2026-01-09 17:49:29 +01:00
ssh.go
storage.go chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
storage_test.go
task.go
time.go
ui.go feat(api,ui): add multiline comment on pullrequest (#12582) 2026-06-03 16:06:29 +02:00
webhook.go