podinfo/pkg/api/http at 550ee9f7b9efa1ff108ad4cb007afaa34daf1238 - podinfo - Gitea: Git with a nice cup of tea

github/podinfo

mirror of https://github.com/stefanprodan/podinfo.git synced 2026-04-06 11:06:50 +00:00

Files

History

Stefan Prodan 550ee9f7b9 Fix stored XSS in /store endpoint (CVE-2025-70849)

Set Content-Type to application/octet-stream in storeReadHandler
to prevent Go's content sniffing from serving HTML payloads as
text/html. Add X-Content-Type-Options: nosniff to prevent browsers
from overriding Content-Type via MIME sniffing, and
Content-Security-Policy: default-src 'none' to block script
execution as defense-in-depth.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

2026-03-14 14:40:55 +02:00

..

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

cache.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

chunked_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

chunked.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

configs.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

delay_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

delay.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

echo_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

echo.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

echows.go

fix: panic when the WebSocket endpoint is under load

2024-05-23 10:01:01 +02:00

env_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

env.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

headers_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

headers.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

health_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

health.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

http.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

index.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

info_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

info.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

logging.go

feat(logging): add trace_id to debug log line

2025-03-10 21:48:25 +01:00

metrics.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

mock.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

panic.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

server.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

status_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

status.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

store_test.go

Fix stored XSS in /store endpoint (CVE-2025-70849)

2026-03-14 14:40:55 +02:00

store.go

Fix stored XSS in /store endpoint (CVE-2025-70849)

2026-03-14 14:40:55 +02:00

token_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

token.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00

tracer.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

version_test.go

restructured api to api/http, api/grpc, pkg http

2024-02-24 23:44:12 +05:30

version.go

Removed reference to localhost from swagger

2024-04-09 08:54:38 +02:00