2 Commits

Author SHA1 Message Date
bearsyankees e7fffb0721 fix(container): allow configured Caido UI domains 2026-07-10 00:32:28 -04:00
bearsyankees 4523377b21 fix(session): use HTTPS scheme for Caido endpoint if TLS is enabled 2026-07-10 00:17:07 -04:00
2 changed files with 16 additions and 1 deletions
+14
View File
@@ -9,10 +9,24 @@ if [ ! -f /app/certs/ca.p12 ]; then
exit 1
fi
# Caido enforces a Host allowlist (DNS-rebinding protection) and rejects requests
# whose Host header is a hostname it doesn't recognize. To reach Caido over a
# hostname (rather than an IP literal), set STRIX_CAIDO_ALLOWED_DOMAINS to a
# comma-separated list of hostnames to allow. Unset by default.
# See https://docs.caido.io/app/guides/domain_allowlist
CAIDO_UI_DOMAIN_ARGS=()
if [ -n "${STRIX_CAIDO_ALLOWED_DOMAINS:-}" ]; then
IFS=',' read -ra _caido_domains <<< "${STRIX_CAIDO_ALLOWED_DOMAINS}"
for _d in "${_caido_domains[@]}"; do
[ -n "$_d" ] && CAIDO_UI_DOMAIN_ARGS+=(--ui-domain "$_d")
done
fi
caido-cli --listen 0.0.0.0:${CAIDO_PORT} \
--allow-guests \
--no-logging \
--no-open \
"${CAIDO_UI_DOMAIN_ARGS[@]}" \
--import-ca-cert /app/certs/ca.p12 \
--import-ca-cert-pass "" > "$CAIDO_LOG" 2>&1 &
+2 -1
View File
@@ -114,7 +114,8 @@ async def create_or_reuse(
)
caido_endpoint = await session.resolve_exposed_port(_CONTAINER_CAIDO_PORT)
host_caido_url = f"http://{caido_endpoint.host}:{caido_endpoint.port}"
scheme = "https" if caido_endpoint.tls else "http"
host_caido_url = f"{scheme}://{caido_endpoint.host}:{caido_endpoint.port}"
logger.debug("Caido host endpoint resolved: %s", host_caido_url)
caido_client = await bootstrap_caido(