Skip to content

Webhooks - API does not validate target URL #34491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gabriel-samfira opened this issue May 16, 2025 · 0 comments · Fixed by #34492
Closed

Webhooks - API does not validate target URL #34491

gabriel-samfira opened this issue May 16, 2025 · 0 comments · Fixed by #34492
Labels
type/bug
Milestone
1.24.0

Comments

@gabriel-samfira
Copy link

Description

Hi folks,

It seems that gitea doesn't properly validate the webhook config. I can create a new webhook via the API, without an actual "target URL". The UI validates correctly. The API does not. Notice the missing URL bellow:

Image

And here you can see I'm editing hook with ID 14 (visible in the URL bar), but the target URL is empty:

Image

Using this body:

createOpts := &createGiteaHookOptions{
		Type:         "gitea",
		Events:       hook.Events,
		Active:       hook.GetActive(),
		BranchFilter: "*",
		Config: map[string]string{
			"content_type": hook.GetConfig().GetContentType(),
			"url":          "",
			"http_method":  "post",
		},
	}

The struct is defined as:

type createGiteaHookOptions struct {
	Type                string            `json:"type"`
	Config              map[string]string `json:"config"`
	Events              []string          `json:"events"`
	BranchFilter        string            `json:"branch_filter"`
	Active              bool              `json:"active"`
	AuthorizationHeader string            `json:"authorization_header"`
}

Gitea Version

v1.24.0-rc0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Linux

How are you running Gitea?

I'm running gitea using the docker image. The following compose config was used:

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: docker.gitea.com/gitea:1.24.0-rc0
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "80:80"
      - "22:22"

Database

None
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
1.24.0
Development

Successfully merging a pull request may close this issue.

Fix url validation in webhook add/edit API lunny/gitea
2 participants
@lunny @gabriel-samfira