
[pull] dev from 0xJacky:dev#20

Open
pull[bot] wants to merge 357 commits into 142vip:dev from 0xJacky:dev

Conversation


@pull pull Bot commented Jul 27, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull Bot locked and limited conversation to collaborators Jul 27, 2025
@pull pull Bot added ⤵️ pull merge-conflict Resolve conflicts manually labels Jul 27, 2025
@0xJacky 0xJacky force-pushed the dev branch 7 times, most recently from 0b67c82 to e47fc25 on August 2, 2025 15:03
@0xJacky 0xJacky force-pushed the dev branch 9 times, most recently from 58c32d7 to 080ea59 on August 12, 2025 01:46
@0xJacky 0xJacky force-pushed the dev branch 11 times, most recently from ab69707 to 83aa6bc on August 26, 2025 09:08
renovate Bot and others added 30 commits April 8, 2026 09:52
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
`ObtainCert.job()` called `issueCert()` synchronously after `step.value++`,
before Vue mounted `<ObtainCertLive>`, so `refObtainCertLive.value` was
null and the optional-chain call silently no-oped — no log entry, no
WebSocket connection, progress stuck at 0%. Add an `await nextTick()`
so the live component is mounted before its method is invoked.

Also harden the long-token WebSocket fallback: switch the frontend to
URL-safe base64 (avoids `+` being decoded as a space in query strings)
and accept both URL-safe and standard base64 in `getTokenWS` for
backward compatibility.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
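The base64 half of the commit above is easy to get subtly wrong, so here is an added Go illustration of the "accept both alphabets" decoder and of why standard base64 breaks in a query string. This is not the project's code: `decodeToken` and `tokenFromQuery` are hypothetical names standing in for the `getTokenWS` fallback, and the token bytes are constructed for the example.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// decodeToken accepts a token in URL-safe or standard base64, padded or
// unpadded. Hypothetical helper; the real fallback lives in getTokenWS.
func decodeToken(s string) ([]byte, error) {
	encodings := []*base64.Encoding{
		base64.RawURLEncoding, // what the fixed frontend sends
		base64.URLEncoding,
		base64.RawStdEncoding, // legacy clients
		base64.StdEncoding,
	}
	var lastErr error
	for _, enc := range encodings {
		b, err := enc.DecodeString(s)
		if err == nil {
			return b, nil
		}
		lastErr = err
	}
	return nil, fmt.Errorf("token is not valid base64: %w", lastErr)
}

// tokenFromQuery parses a raw query string exactly as a server would and
// decodes the "token" parameter. url.ParseQuery turns '+' into ' ', which
// is the corruption the URL-safe alphabet avoids.
func tokenFromQuery(rawQuery string) ([]byte, error) {
	vals, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, err
	}
	tok := vals.Get("token")
	if tok == "" {
		return nil, errors.New("missing token parameter")
	}
	return decodeToken(tok)
}

func main() {
	// Constructed token bytes whose encoding exercises both '+'/'/' and '-'/'_'.
	raw := []byte{0xfb, 0xff, 0xbf}
	std := base64.StdEncoding.EncodeToString(raw)    // "+/+/"
	safe := base64.RawURLEncoding.EncodeToString(raw) // "-_-_"

	for _, q := range []string{"token=" + safe, "token=" + std} {
		b, err := tokenFromQuery(q)
		fmt.Printf("%-14s -> % x err=%v\n", q, b, err)
	}
}
```

Running it shows the URL-safe query decoding cleanly while the unescaped standard form fails, because the `+` characters have already become spaces by the time the decoder sees them; a client that percent-encodes the standard form works, but relying on every client to do so is what the fix removes.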
The site healthcheck built its request URL from the indexed site URL
(e.g. http://example.com) and never rewrote the scheme to match the
user-configured HealthCheckConfig.Protocol. As a result, sites
configured for HTTPS were probed over HTTP and always shown as
unreachable. TestHealthCheck compounded the issue by using
siteConfig.Scheme (default "http") instead of req.Config.Protocol.

Introduce rewriteCheckURLScheme which aligns only the URL scheme with
the configured protocol while preserving path, query, and port, and
call it from CheckSiteWithConfig. TestHealthCheck now passes the stored
site URL and relies on the same rewrite, so the "Test" button exercises
the same code path as the scheduled checker.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
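To make the scheme-rewrite behaviour from the commit above concrete, here is an added Go version of the idea. It is not the project's `rewriteCheckURLScheme`; the function name is borrowed from the commit message, the `HealthCheckConfig` struct with only a `Protocol` field is an assumption, and the URLs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// HealthCheckConfig is reduced to the one field this example needs
// (assumption; the real struct has more settings).
type HealthCheckConfig struct {
	Protocol string // "http", "https" or "" for "keep the stored scheme"
}

// rewriteCheckURLScheme replaces only the scheme of rawURL with the
// configured protocol. Host, port, path and query are left untouched, so
// http://example.com:8080/health?x=1 with Protocol "https" becomes
// https://example.com:8080/health?x=1.
func rewriteCheckURLScheme(rawURL, protocol string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Host == "" {
		return "", fmt.Errorf("site URL %q has no host", rawURL)
	}
	switch p := strings.ToLower(strings.TrimSpace(protocol)); p {
	case "":
		// Nothing configured: probe with the scheme the site was indexed with.
	case "http", "https":
		u.Scheme = p
	default:
		return "", fmt.Errorf("unsupported health-check protocol %q", protocol)
	}
	return u.String(), nil
}

// buildCheckURL is the single entry point both the scheduled checker and a
// "Test" button would call, so they cannot drift apart again.
func buildCheckURL(siteURL string, cfg HealthCheckConfig) (string, error) {
	return rewriteCheckURLScheme(siteURL, cfg.Protocol)
}

func main() {
	// Constructed inputs: a site indexed over http but configured for https.
	u, err := buildCheckURL("http://example.com:8080/health?x=1", HealthCheckConfig{Protocol: "https"})
	fmt.Println(u, err)
}
```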
…1608)

The site checker created a fresh http.Transport per request and per
EnhancedSiteChecker, with Go's default Happy-Eyeballs dialer. When
server_name entries resolved to ingress services returning many A
records (ngrok, AWS ALB, Cloudflare), each sweep opened enough flows
to exhaust conntrack tables on consumer routers (UniFi).

Introduce a package-level shared http.Transport with MaxConnsPerHost=2,
MaxIdleConnsPerHost=2 and FallbackDelay=-1 (disables IPv6 dial races),
plumb it through SiteChecker and EnhancedSiteChecker, and only build a
custom client when the per-site HealthCheckConfig truly diverges on
TLS. Reuse the response body fetched by the health check for favicon
extraction so each site is hit at most once per sweep, and dedupe sites
sharing the same host:port before fan-out.

Add a [site_check] settings section (Enabled, Concurrency, IntervalSeconds)
so operators can disable the checker entirely or tune the sweep cadence;
clamp Concurrency to [1, 20] and IntervalSeconds to >=30. Document the new
section in en, zh_CN and zh_TW guides and add sidebar entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
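The commit above describes three separate mitigations (one shared transport, dedupe by host:port before fan-out, clamped settings). The following added Go sketch puts all three next to each other; it is not the project's checker. `HealthCheckConfig`, `SiteCheckSettings`, `clientFor`, `hostPortKey`, `dedupeSites` and `clampSettings` are hypothetical names, and the timeouts and site URLs are constructed for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// HealthCheckConfig keeps only the TLS field that decides whether a site
// needs its own client (assumption; the real struct is larger).
type HealthCheckConfig struct {
	InsecureSkipVerify bool
}

// SiteCheckSettings mirrors the [site_check] section named in the commit.
type SiteCheckSettings struct {
	Enabled         bool
	Concurrency     int
	IntervalSeconds int
}

// sharedTransport is created once per process. MaxConnsPerHost and
// MaxIdleConnsPerHost cap the flows to any single host, and a negative
// FallbackDelay disables the IPv4/IPv6 Happy-Eyeballs race that otherwise
// doubles the dial attempts against multi-A-record hosts.
var sharedTransport = &http.Transport{
	Proxy: http.ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:       10 * time.Second, // constructed value
		FallbackDelay: -1,
	}).DialContext,
	MaxConnsPerHost:     2,
	MaxIdleConnsPerHost: 2,
	IdleConnTimeout:     90 * time.Second, // constructed value
}

var sharedClient = &http.Client{Transport: sharedTransport, Timeout: 15 * time.Second}

// clientFor hands back the shared client unless the per-site TLS settings
// truly diverge; only then is a cloned transport built for that site.
func clientFor(cfg HealthCheckConfig) *http.Client {
	if !cfg.InsecureSkipVerify {
		return sharedClient
	}
	t := sharedTransport.Clone()
	t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	return &http.Client{Transport: t, Timeout: sharedClient.Timeout}
}

// hostPortKey normalises a site URL to "host:port", filling in the default
// port so http://a.example and http://a.example:80/x collapse together.
func hostPortKey(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Hostname() == "" {
		return "", fmt.Errorf("site URL %q has no host", rawURL)
	}
	port := u.Port()
	if port == "" {
		if u.Scheme == "https" {
			port = "443"
		} else {
			port = "80"
		}
	}
	return net.JoinHostPort(u.Hostname(), port), nil
}

// dedupeSites keeps the first URL seen for each host:port, in input order,
// and drops entries that cannot be parsed instead of probing them.
func dedupeSites(urls []string) []string {
	seen := make(map[string]bool, len(urls))
	out := make([]string, 0, len(urls))
	for _, raw := range urls {
		key, err := hostPortKey(raw)
		if err != nil || seen[key] {
			continue
		}
		seen[key] = true
		out = append(out, raw)
	}
	return out
}

// clampSettings enforces the bounds from the commit: Concurrency in [1, 20],
// IntervalSeconds >= 30.
func clampSettings(s SiteCheckSettings) SiteCheckSettings {
	if s.Concurrency < 1 {
		s.Concurrency = 1
	}
	if s.Concurrency > 20 {
		s.Concurrency = 20
	}
	if s.IntervalSeconds < 30 {
		s.IntervalSeconds = 30
	}
	return s
}

func main() {
	// Constructed site list with two entries that share a.example:80.
	sites := []string{"http://a.example", "http://a.example:80/x", "https://a.example", "http://b.example"}
	fmt.Println(dedupeSites(sites))
	fmt.Printf("%+v\n", clampSettings(SiteCheckSettings{Enabled: true, Concurrency: 50, IntervalSeconds: 5}))
}
```

The worth-noting design point is that `clientFor` returns the same `*http.Client` for every site that does not override TLS, so the connection cap in `sharedTransport` is process-wide rather than per-`EnhancedSiteChecker`; creating a transport per request is exactly what silently defeats those limits.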
* Throttle auto cert retries and expose renewal errors

* chore(deps): update pnpm.catalog.default uuid to v14

---------

Co-authored-by: 0xJacky <me@jackyu.cn>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…1647)

Locks in the v2.3.5 origin-validation fix for CVE-2026-34403 / GHSA-78mf-482w-62qj
with named regression cases for every bypass class documented in the advisory:
subdomain confusion, suffix confusion, scheme downgrade, port mismatch, default-
port normalization, ws/wss scheme equivalence, case-insensitive host, IPv6 literal,
RFC 7239 Forwarded parsing, multi-valued X-Forwarded-Host, scheme-only / malformed
origin rejection, node_secret query fallback, empty-secret regression, trailing-
slash tolerance on configured trusted origins.

17 table-driven subtests in a new file; zero production code changes; no new
dependencies.

Co-authored-by: Panguard AI <support@panguard.ai>