3x-ui

mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-06 21:24:10 +00:00

History

MHSanaei 91ee295199 Add SSRF protection for custom geo downloads Introduce SSRF-safe HTTP transport for custom geo operations by adding ssrfSafeTransport and isBlockedIP helpers. The transport resolves hosts and blocks loopback, private, link-local and unspecified addresses, returning ErrCustomGeoSSRFBlocked on violations. Update probeCustomGeoURLWithGET, probeCustomGeoURL and downloadToPathOnce to use the safe transport. Also add the new error ErrCustomGeoSSRFBlocked and necessary imports. Minor whitespace/formatting adjustments in subClashService.go, web/entity/entity.go and web/service/setting.go.		2026-04-19 23:20:37 +02:00
..
api.go	Add custom geosite/geoip URL sources (#3980 )	2026-04-19 21:24:24 +02:00
base.go	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
custom_geo.go	Add SSRF protection for custom geo downloads	2026-04-19 23:20:37 +02:00
inbound.go	bug fix #3785	2026-02-11 22:21:09 +01:00
index.go	Add Go code analyzer workflow	2026-03-17 23:01:15 +01:00
server.go	Refactor code and fix linter warnings (#3627 )	2026-01-05 05:54:56 +01:00
setting.go	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
util.go	Add custom geosite/geoip URL sources (#3980 )	2026-04-19 21:24:24 +02:00
websocket.go	fix: enhance WebSocket stability, resolve XHTTP configurations and fix UI loading shifts (#3997 )	2026-04-19 21:01:00 +02:00
xray_setting.go	fix security issue	2026-02-09 23:36:10 +01:00
xui.go	API improve security: returns 404 for unauthenticated API requests	2025-09-24 11:29:55 +02:00