2 Commits

Author SHA1 Message Date
bearsyankees 8195e9753d fix(container): allow configured Caido UI domains 2026-07-10 00:33:25 -04:00
alex s b9994e2e0e fix(session): use HTTPS scheme for Caido endpoint if TLS is enabled (#722) 2026-07-10 00:23:27 -04:00
2 changed files with 16 additions and 1 deletions
+14
View File
@@ -9,10 +9,24 @@ if [ ! -f /app/certs/ca.p12 ]; then
exit 1 exit 1
fi fi
# Caido enforces a Host allowlist (DNS-rebinding protection) and rejects requests
# whose Host header is a hostname it doesn't recognize. To reach Caido over a
# hostname (rather than an IP literal), set STRIX_CAIDO_ALLOWED_DOMAINS to a
# comma-separated list of hostnames to allow. Unset by default.
# See https://docs.caido.io/app/guides/domain_allowlist
CAIDO_UI_DOMAIN_ARGS=()
if [ -n "${STRIX_CAIDO_ALLOWED_DOMAINS:-}" ]; then
IFS=',' read -ra _caido_domains <<< "${STRIX_CAIDO_ALLOWED_DOMAINS}"
for _d in "${_caido_domains[@]}"; do
[ -n "$_d" ] && CAIDO_UI_DOMAIN_ARGS+=(--ui-domain "$_d")
done
fi
caido-cli --listen 0.0.0.0:${CAIDO_PORT} \ caido-cli --listen 0.0.0.0:${CAIDO_PORT} \
--allow-guests \ --allow-guests \
--no-logging \ --no-logging \
--no-open \ --no-open \
"${CAIDO_UI_DOMAIN_ARGS[@]}" \
--import-ca-cert /app/certs/ca.p12 \ --import-ca-cert /app/certs/ca.p12 \
--import-ca-cert-pass "" > "$CAIDO_LOG" 2>&1 & --import-ca-cert-pass "" > "$CAIDO_LOG" 2>&1 &
+2 -1
View File
@@ -114,7 +114,8 @@ async def create_or_reuse(
) )
caido_endpoint = await session.resolve_exposed_port(_CONTAINER_CAIDO_PORT) caido_endpoint = await session.resolve_exposed_port(_CONTAINER_CAIDO_PORT)
host_caido_url = f"http://{caido_endpoint.host}:{caido_endpoint.port}" scheme = "https" if caido_endpoint.tls else "http"
host_caido_url = f"{scheme}://{caido_endpoint.host}:{caido_endpoint.port}"
logger.debug("Caido host endpoint resolved: %s", host_caido_url) logger.debug("Caido host endpoint resolved: %s", host_caido_url)
caido_client = await bootstrap_caido( caido_client = await bootstrap_caido(