Skip to content

Revert "runtime/secrets: validate proxy URL scheme and length"#1041

Merged
matheuscscp merged 2 commits intomainfrom
fix-sc-1915
Oct 9, 2025
Merged

Revert "runtime/secrets: validate proxy URL scheme and length"#1041
matheuscscp merged 2 commits intomainfrom
fix-sc-1915

Conversation

@matheuscscp
Copy link
Copy Markdown
Member

@matheuscscp matheuscscp commented Oct 9, 2025

This reverts commit c1274b1.

This commit caused a regression in proxy features where we support the SOCKS5 protocol:

fluxcd/source-controller#1915

This protocol is documented as supported, e.g. here:

https://fluxcd.io/flux/components/source/gitrepositories/#proxy-secret-reference

@matheuscscp matheuscscp requested review from a team and hiddeco as code owners October 9, 2025 09:03
@matheuscscp matheuscscp added bug Something isn't working area/runtime Controller runtime related issues and pull requests labels Oct 9, 2025
@matheuscscp
Revert "runtime/secrets: validate proxy URL scheme and length"
7666900 
This reverts commit c1274b1.

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@matheuscscp
Prepare for release
c2d48e9 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
cappyzawa
cappyzawa approved these changes Oct 9, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@cappyzawa cappyzawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 😢

@matheuscscp matheuscscp merged commit 7301068 into main Oct 9, 2025
11 checks passed
@matheuscscp matheuscscp deleted the fix-sc-1915 branch October 9, 2025 09:34
This was referenced Oct 9, 2025
Merged
Merged
Merged
Merged
@cappyzawa cappyzawa mentioned this pull request Nov 12, 2025
Open
cappyzawa added a commit to cappyzawa/pkg that referenced this pull request Dec 3, 2025
@cappyzawa
runtime/secrets: validate proxy URL scheme and length
8a1b950 
Add validation to ProxyURLFromSecret to ensure proxy URLs use
supported schemes (http, https, socks5) and do not exceed the
maximum length of 2048 characters.

This addresses the regression introduced in PR fluxcd#1041 which removed
all validation after users reported SOCKS5 proxy breakage. The new
implementation properly supports SOCKS5 while maintaining security
through scheme and length validation.

Signed-off-by: cappyzawa <cappyzawa@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@hiddeco hiddeco Awaiting requested review from hiddeco

+1 more reviewer

@cappyzawa cappyzawa cappyzawa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/runtime Controller runtime related issues and pull requests bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matheuscscp @stefanprodan @cappyzawa