Open
Conversation
fix: 更新订阅内容生成逻辑,添加其他节点LINK以优化IP选择
修复Surge客户端0RTT配置不生效问题
fix: 优化批量替换域名函数,随机化主机选择以提高多样性
fix: 修正批量替换域名函数中的随机主机选择逻辑
fix: 优化请求优选API函数,增强返回值处理和订阅内容预处理逻辑
Beta2.1 byob
Beta2.1 byob
Beta2.1 byob
…ection chain The client IP detection fallback chain contained duplicate entries: - X-Real-IP appeared twice (positions 1 and 8) - X-Forwarded-For appeared twice (positions 3 and 7) Removed duplicates and reordered to prefer Cloudflare-injected headers (CF-Connecting-IP, True-Client-IP) which are more trustworthy than user-controllable headers.
The auth cookie was set with only HttpOnly, missing two important security attributes: - Secure: without this flag the browser may send the cookie over plain HTTP, exposing the session token to network eavesdroppers. Cloudflare Workers always run behind HTTPS so this flag is safe to add unconditionally. - SameSite=Strict: prevents the cookie from being sent in cross-site requests, mitigating CSRF attacks against the /admin panel.
RFC 1035 §4.1.1 requires that the ID field in a DNS message header be a random 16-bit value so that responses can be matched to their corresponding queries. The previous hardcoded value of 0 works for simple sequential requests but is technically incorrect and could cause response-matching failures under concurrent DoH lookups. Replace with crypto.getRandomValues() which is available in the Cloudflare Workers runtime.
fix: remove duplicate headers and reorder by trustworthiness in IP detection chain
fix: add Secure and SameSite=Strict flags to auth cookie
fix: use random DNS query ID per RFC 1035 §4.1.1
feat: 更新版本号并优化TLS 1.3解密和加密逻辑,修复数据处理流程
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )