MCPcopy Index your code
hub / github.com/tailscale/tailscale / AllowDebugAccess

Function AllowDebugAccess

tsweb/tsweb.go:104–127  ·  view source on GitHub ↗

AllowDebugAccess reports whether r should be permitted to access various debug endpoints.

(r *http.Request)

Source from the content-addressed store, hash-verified

102// AllowDebugAccess reports whether r should be permitted to access
103// various debug endpoints.
104func AllowDebugAccess(r *http.Request) bool {
105 if allowDebugAccessWithKey(r) {
106 return true
107 }
108 if r.Header.Get("X-Forwarded-For") != "" {
109 // TODO if/when needed. For now, conservative:
110 return false
111 }
112 ipStr, _, err := net.SplitHostPort(r.RemoteAddr)
113 if err != nil {
114 return false
115 }
116 ip, err := netip.ParseAddr(ipStr)
117 if err != nil {
118 return false
119 }
120 if tsaddr.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == envknob.String("TS_ALLOW_DEBUG_IP") {
121 return true
122 }
123 if cidrsContain(trustedCIDRs(), ip) {
124 return true
125 }
126 return false
127}
128
129func allowDebugAccessWithKey(r *http.Request) bool {
130 if r.Method != "GET" {

Callers 4

getHomeHandlerFunction · 0.92
ServeHTTPMethod · 0.85
ProtectedFunction · 0.85
ServeHTTPMethod · 0.85

Calls 6

IsTailscaleIPFunction · 0.92
StringFunction · 0.92
allowDebugAccessWithKeyFunction · 0.85
cidrsContainFunction · 0.85
IsLoopbackMethod · 0.80
GetMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…