tailscale

Commit Graph

Author	SHA1	Message	Date
Will Norris	6b956b49e0	client/web: add some security checks for full client Require that requests to servers in manage mode are made to the Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various security headers on those responses. These might be too restrictive, but we can relax them as needed. Allow requests to /ok (even in manage mode) with no checks. This will be used for the connectivity check from a login client to see if the management client is reachable. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2023-11-03 14:15:59 -07:00
Sonia Appasamy	44175653dc	ipn/ipnlocal: rename web fields/structs to webClient For consistency and clarity around what the LocalBackend.web field is used for. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2023-10-31 15:40:06 -04:00

Author

SHA1

Message

Date

Will Norris

6b956b49e0

client/web: add some security checks for full client

Require that requests to servers in manage mode are made to the
Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various
security headers on those responses.  These might be too restrictive,
but we can relax them as needed.

Allow requests to /ok (even in manage mode) with no checks. This will be
used for the connectivity check from a login client to see if the
management client is reachable.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>

2023-11-03 14:15:59 -07:00

Sonia Appasamy

44175653dc

ipn/ipnlocal: rename web fields/structs to webClient

For consistency and clarity around what the LocalBackend.web field
is used for.

Updates tailscale/corp#14335

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>

2023-10-31 15:40:06 -04:00

2 Commits