diff --git a/conf/config.example.toml b/conf/config.example.toml index 6de2997..e7f528b 100644 --- a/conf/config.example.toml +++ b/conf/config.example.toml @@ -51,7 +51,7 @@ max-symlink-depth = 16 update-timeout = "60s" max-heap-size-ratio = 0.5 # * RAM_size forbidden-domains = [] -# allowed-repository-url-prefixes = +allowed-repository-url-prefixes = [] allowed-custom-headers = ["X-Clacks-Overhead"] [audit] diff --git a/src/auth.go b/src/auth.go index 0379467..e99177a 100644 --- a/src/auth.go +++ b/src/auth.go @@ -436,7 +436,7 @@ func AuthorizeUpdateFromRepository(r *http.Request) (*Authorization, error) { } func checkAllowedURLPrefix(repoURL string) error { - if config.Limits.AllowedRepositoryURLPrefixes != nil { + if len(config.Limits.AllowedRepositoryURLPrefixes) > 0 { allowedPrefix := false repoURL = strings.ToLower(repoURL) for _, allowedRepoURLPrefix := range config.Limits.AllowedRepositoryURLPrefixes { @@ -658,7 +658,7 @@ func AuthorizeUpdateFromArchive(r *http.Request) (*Authorization, error) { return auth, nil } - if config.Limits.AllowedRepositoryURLPrefixes != nil { + if len(config.Limits.AllowedRepositoryURLPrefixes) > 0 { causes = append(causes, AuthError{http.StatusUnauthorized, "DNS challenge not allowed"}) } else { // DNS challenge gives absolute authority. diff --git a/src/config.go b/src/config.go index c87c82f..2866b93 100644 --- a/src/config.go +++ b/src/config.go @@ -140,7 +140,7 @@ type LimitsConfig struct { // List of domains unconditionally forbidden for uploads. ForbiddenDomains []string `toml:"forbidden-domains" default:"[]"` // List of allowed repository URL prefixes. Setting this option prohibits uploading archives. - AllowedRepositoryURLPrefixes []string `toml:"allowed-repository-url-prefixes"` + AllowedRepositoryURLPrefixes []string `toml:"allowed-repository-url-prefixes" default:"[]"` // List of allowed custom headers. Header name must be in the MIME canonical form, // e.g. `Foo-Bar`. Setting this option permits including this custom header in `_headers`, // unless it is fundamentally unsafe.