checkDomainAllowed returns nil if u's host is permitted by the configured allow- and block-lists, or a descriptive error otherwise. When neither list is configured, every URL is allowed.
(u *url.URL)
| 343 | // allow- and block-lists, or a descriptive error otherwise. When neither list |
| 344 | // is configured, every URL is allowed. |
| 345 | func (h *fetchHandler) checkDomainAllowed(u *url.URL) error { |
| 346 | host := u.Hostname() |
| 347 | if host == "" { |
| 348 | return errors.New("URL has no host") |
| 349 | } |
| 350 | matchesAny := func(patterns []string) bool { |
| 351 | return slices.ContainsFunc(patterns, func(p string) bool { |
| 352 | return matchesDomain(host, p) |
| 353 | }) |
| 354 | } |
| 355 | switch { |
| 356 | case len(h.blockedDomains) > 0 && matchesAny(h.blockedDomains): |
| 357 | return fmt.Errorf("URL host %q is blocked by blocked_domains", host) |
| 358 | case len(h.allowedDomains) > 0 && !matchesAny(h.allowedDomains): |
| 359 | return fmt.Errorf("URL host %q is not in allowed_domains", host) |
| 360 | } |
| 361 | return nil |
| 362 | } |
| 363 | |
| 364 | // matchesDomain reports whether host matches pattern (case-insensitive). |
| 365 | // |
no test coverage detected