CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Add default protection for SSRF

Browse Source
This commit is contained in:
Raphael Michel
2026-03-26 14:05:41 +01:00
committed by Raphael Michel
parent 6d07530d2b
commit bb450e1be9
3 changed files with 226 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/pretix/settings.py
View File

@@ -223,6 +223,7 @@ CSRF_TRUSTED_ORIGINS = [urlparse(SITE_URL).scheme + '://' + urlparse(SITE_URL).h
TRUST_X_FORWARDED_FOR = config.getboolean('pretix', 'trust_x_forwarded_for', fallback=False)
USE_X_FORWARDED_HOST = config.getboolean('pretix', 'trust_x_forwarded_host', fallback=False)
ALLOW_HTTP_TO_PRIVATE_NETWORKS = config.getboolean('pretix', 'allow_http_to_private_networks', fallback=False)
REQUEST_ID_HEADER = config.get('pretix', 'request_id_header', fallback=False)