Skip to content

Not using HTTP proxy for Turnstile challenge #38217

Description

@manelatun

Gitea Version

1.26.4

What happened?

Gitea uses the configured HTTP proxy for cloning repositories and checking for updates, but not for Cloudflare Turnstile challenges.

I'm not familiar with the codebase, but I checked and it seems that turnstile is using the default http client:
https://github.com/go-gitea/gitea/blob/main/modules/turnstile/turnstile.go#L43C2-L43C41
Unlike the update checker, for example:
https://github.com/go-gitea/gitea/blob/main/modules/updatechecker/update_checker.go#L31C2-L35C3

I'm unsure if this is a bug or intended behaviour, sorry in advance.

How are you running Gitea?

I'm using Gitea 1.26.4 on Docker. I've set up a firewall that prevents the container from connecting to the internet and configured an HTTP proxy which the container can use to connect to the internet. I had to modify the firewall rules to allow connections to challenges.cloudflare.com for it to work.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions