[pull] main from cmliu:main#102
Open
pull[bot] wants to merge 154 commits intolinux-doc:mainfrom
Open
Conversation
feat: 增强sub参数处理逻辑,确保有效的sub地址包含点
…ection chain The client IP detection fallback chain contained duplicate entries: - X-Real-IP appeared twice (positions 1 and 8) - X-Forwarded-For appeared twice (positions 3 and 7) Removed duplicates and reordered to prefer Cloudflare-injected headers (CF-Connecting-IP, True-Client-IP) which are more trustworthy than user-controllable headers.
The auth cookie was set with only HttpOnly, missing two important security attributes: - Secure: without this flag the browser may send the cookie over plain HTTP, exposing the session token to network eavesdroppers. Cloudflare Workers always run behind HTTPS so this flag is safe to add unconditionally. - SameSite=Strict: prevents the cookie from being sent in cross-site requests, mitigating CSRF attacks against the /admin panel.
RFC 1035 §4.1.1 requires that the ID field in a DNS message header be a random 16-bit value so that responses can be matched to their corresponding queries. The previous hardcoded value of 0 works for simple sequential requests but is technically incorrect and could cause response-matching failures under concurrent DoH lookups. Replace with crypto.getRandomValues() which is available in the Cloudflare Workers runtime.
fix: remove duplicate headers and reorder by trustworthiness in IP detection chain
fix: add Secure and SameSite=Strict flags to auth cookie
fix: use random DNS query ID per RFC 1035 §4.1.1
feat: 更新版本号并优化TLS 1.3解密和加密逻辑,修复数据处理流程
更正 README.md 中ClashMetaForAndroid项目地址
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Beta2.1 byob
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
feat: 更新CHANGELOG,优化PROXYIP域名解析流程,移除特判逻辑
This workflow automatically closes pull requests with empty or short descriptions, while notifying the author to provide more details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )