It seems that adop-nginx/resources/configuration/sites-available/registry.conf has an area for improvement:
```
==================== Results ===================

>> Problem: [host_spoofing] The proxied Host header may be spoofed.
Description: In most cases "$host" variable are more appropriate, just use it.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
Pseudo config:

include /etc/nginx/sites-enabled/registry.conf;

    server {
        server_name ~^registry*;

        location /v2/ {
            proxy_set_header Host $http_host;
        }
    }

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 1
    High: 0
```
I ran gixy on ADOP: https://github.com/yandex/gixy
I changed:
adop-nginx/resources/configuration/sites-available/registry.conf
Line 41 in fc94e26
to
And it made gixy happy.
I wasn't sure how to test the docker registry with this change. Happy to test it and do a PR if anyone can suggest some test cases.
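
As an added example (not part of the original issue or of the ADOP code), the Python sketch below models in simplified form how nginx fills `$http_host` and `$host`, to show what each choice on the `proxy_set_header Host` line would send upstream. The hostnames and requests are constructed samples, and nginx's final fallback of `$host` to the matching server name is not modelled.

```python
# Added example: simplified model of how nginx derives $host and $http_host.
# Requests below are constructed samples, not traffic from ADOP.
from urllib.parse import urlsplit


def parse_request(raw: str):
    """Split a raw HTTP request head into (request-target, headers dict)."""
    lines = raw.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers


def strip_port(authority: str) -> str:
    """Lowercase an authority and drop a trailing :port (IPv6 literals kept)."""
    authority = authority.lower()
    if authority.startswith("["):
        return authority[: authority.find("]") + 1]
    return authority.split(":", 1)[0]


def nginx_vars(raw: str) -> dict:
    """Return the values a proxy_set_header Host line would send upstream."""
    target, headers = parse_request(raw)
    http_host = headers.get("host", "")  # $http_host: the header exactly as sent
    uri_host = urlsplit(target).netloc if "://" in target else ""
    # $host: request-line host first, then the Host header, port removed.
    # (The fallback to the matching server name is not modelled here.)
    host = strip_port(uri_host or http_host)
    return {"$http_host": http_host, "$host": host}


SAMPLES = {  # constructed requests
    "plain": "GET /v2/ HTTP/1.1\r\nHost: registry.example.test\r\n\r\n",
    "with_port": "GET /v2/ HTTP/1.1\r\nHost: Registry.example.test:5000\r\n\r\n",
    "absolute_uri": ("GET http://registry.example.test/v2/ HTTP/1.1\r\n"
                     "Host: other.example.test\r\n\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, nginx_vars(raw))
```

In the `absolute_uri` sample the two variables disagree, which is the mismatch the gixy finding is about. `$host` also carries no port, so a registry reached on a non-default port is a case worth including when testing the change.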