tailscale/ipn/ipnlocal
Will Norris 6b956b49e0 client/web: add some security checks for full client
Require that requests to servers in manage mode are made to the
Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various
security headers on those responses. These might be too restrictive,
but we can relax them as needed.

Allow requests to /ok (even in manage mode) with no checks. This will be
used for the connectivity check from a login client to see if the
management client is reachable.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>
2023-11-03 14:15:59 -07:00
testdata ipn/ipnlocal: fix the path for writing cert files (#7203) 2023-02-07 14:34:04 -08:00
breaktcp_darwin.go cmd/tailscale: add debug commands to break connections 2023-08-11 06:37:26 -07:00
breaktcp_linux.go cmd/tailscale: add debug commands to break connections 2023-08-11 06:37:26 -07:00
c2n.go clientupdate: distinguish when auto-updates are possible (#9896) 2023-10-23 18:21:54 -07:00
c2n_pprof.go tailcfg: move LogHeapPprof from Debug to c2n [capver 69] 2023-08-16 20:35:04 -07:00
cert.go ipn/ipnlocal: do unexpired cert renewals in the background 2023-10-12 16:02:45 -07:00
cert_js.go ipn/ipnlocal: do unexpired cert renewals in the background 2023-10-12 16:02:45 -07:00
cert_test.go all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 2023-08-17 08:42:35 -07:00
dnsconfig_test.go types/netmap: remove NetworkMap.{Addresses,MachineStatus} 2023-09-18 17:08:11 +01:00
expiry.go types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView 2023-08-21 13:34:49 -07:00
expiry_test.go types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView 2023-08-21 13:34:49 -07:00
local.go client/web: add some security checks for full client 2023-11-03 14:15:59 -07:00
local_test.go appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc 2023-11-02 12:51:40 -07:00
loglines_test.go tsd: add package with System type to unify subsystem init, discovery 2023-05-04 14:21:59 -07:00
network-lock.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 2023-09-18 13:58:32 -04:00
network-lock_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 2023-09-18 13:58:32 -04:00
peerapi.go ipn/ipnlocal,tailcfg: add AppConnector service to HostInfo when configured 2023-11-01 16:37:24 -07:00
peerapi_h2c.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
peerapi_macios_ext.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
peerapi_test.go appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc 2023-11-02 12:51:40 -07:00
profiles.go Revert "ipn/ipnlocal: add new DNS and subnet router policies" (#9962) 2023-10-24 17:07:25 -07:00
profiles_notwindows.go ipn/ipnlocal: fix profile duplication 2023-08-08 13:43:37 -06:00
profiles_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 2023-09-18 13:58:32 -04:00
profiles_windows.go Revert "ipn/ipnlocal: add new DNS and subnet router policies" (#9962) 2023-10-24 17:07:25 -07:00
serve.go ipn/ipnlocal: prevent changing serve config if conf.Locked 2023-10-20 21:21:34 -07:00
serve_test.go ipn/ipnlocal: close connections for removed proxy transports (#9884) 2023-10-20 12:04:00 +01:00
ssh.go all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 2023-08-17 08:42:35 -07:00
ssh_stub.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ssh_test.go ipn/ipnlocal: drop not required StateKey parameter 2023-01-30 17:58:55 -08:00
state_test.go ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile 2023-09-18 13:58:32 -04:00
web_client.go client/web: add some security checks for full client 2023-11-03 14:15:59 -07:00
web_client_stub.go client/web: add some security checks for full client 2023-11-03 14:15:59 -07:00