tailscale/ipn
Will Norris 6b956b49e0 client/web: add some security checks for full client
Require that requests to servers in manage mode are made to the
Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various
security headers on those responses.  These might be too restrictive,
but we can relax them as needed.

Allow requests to /ok (even in manage mode) with no checks. This will be
used for the connectivity check from a login client to see if the
management client is reachable.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>
2023-11-03 14:15:59 -07:00
..
conffile ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key 2023-10-17 07:12:49 -07:00
ipnauth ipn/ipnauth: improve the Windows token administrator check 2023-11-03 14:37:04 -06:00
ipnlocal client/web: add some security checks for full client 2023-11-03 14:15:59 -07:00
ipnserver ipn/ipnauth: improve the Windows token administrator check 2023-11-03 14:37:04 -06:00
ipnstate client/web: restrict full management client behind browser sessions 2023-10-05 17:21:39 -04:00
localapi ipn/localapi: make serveTKASign require write permission (#10094) 2023-11-02 17:01:26 -06:00
policy ipn: prefer allow/denylist terminology 2023-04-04 08:02:50 -07:00
store cmd/k8s-operator,ipn/store/kubestore: patch secrets instead of updating 2023-08-29 13:24:05 -07:00
backend.go cmd/tailscale,ipn/ipnlocal: print debug component names 2023-10-03 06:07:34 -07:00
conf.go ipn: add user pref for running web client 2023-10-31 10:34:56 -07:00
doc.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
fake_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipn_clone.go ipn: introduce app connector advertisement preference and flags 2023-11-01 10:58:54 -07:00
ipn_test.go net/packet: split off checksum munging into different pkg 2023-10-11 14:25:58 -07:00
ipn_view.go ipn: introduce app connector advertisement preference and flags 2023-11-01 10:58:54 -07:00
prefs.go ipn: introduce app connector advertisement preference and flags 2023-11-01 10:58:54 -07:00
prefs_test.go ipn: introduce app connector advertisement preference and flags 2023-11-01 10:58:54 -07:00
serve.go ipn/localapi: require local Windows admin to set serve path (#9969) 2023-10-26 14:40:44 -07:00
serve_test.go ipn/localapi: require local Windows admin to set serve path (#9969) 2023-10-26 14:40:44 -07:00
store.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00