all: sync with master

2022-10-03 18:52:20 +03:00
parent 30244f361f
commit 73fcbd6ea2
21 changed files with 403 additions and 207 deletions
--- a/openapi/CHANGELOG.md
+++ b/openapi/CHANGELOG.md
@@ -6,6 +6,28 @@



+## v0.107.15: `POST` Requests Without Bodies
+
+As an additional CSRF protection measure, AdGuard Home now ensures that requests
+that change its state but have no body do not have a `Content-Type` header set
+on them.
+
+This concerns the following APIs:
+
+* `POST /control/dhcp/reset_leases`;
+* `POST /control/dhcp/reset`;
+* `POST /control/parental/disable`;
+* `POST /control/parental/enable`;
+* `POST /control/querylog_clear`;
+* `POST /control/safebrowsing/disable`;
+* `POST /control/safebrowsing/enable`;
+* `POST /control/safesearch/disable`;
+* `POST /control/safesearch/enable`;
+* `POST /control/stats_reset`;
+* `POST /control/update`.
+
+
+
 ## v0.107.14: BREAKING API CHANGES

 A Cross-Site Request Forgery (CSRF) vulnerability has been discovered.  We have
@@ -13,6 +35,9 @@ implemented several measures to prevent such vulnerabilities in the future, but
 some of these measures break backwards compatibility for the sake of better
 protection.

+All JSON APIs that expect a body now check if the request actually has
+`Content-Type` set to `application/json`.
+
 All new formats for the request and response bodies are documented in
 `openapi.yaml`.

--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -601,11 +601,10 @@
      'summary': 'Set user-defined filter rules'
      'requestBody':
        'content':
-          'text/plain':
+          'application/json':
            'schema':
-              'type': 'string'
-              'example': '@@||yandex.ru^|'
-        'description': 'All filtering rules, one line per rule'
+              '$ref': '#/components/schemas/SetRulesRequest'
+        'description': 'Custom filtering rules.'
      'responses':
        '200':
          'description': 'OK.'
@@ -1538,6 +1537,19 @@
      'properties':
        'updated':
          'type': 'integer'
+    'SetRulesRequest':
+      'description': 'Custom filtering rules setting request.'
+      'example':
+        'rules':
+        - '||example.com^'
+        - '# comment'
+        - '@@||www.example.com^'
+      'properties':
+        'rules':
+          'items':
+            'type': 'string'
+          'type': 'array'
+      'type': 'object'
    'GetVersionRequest':
      'type': 'object'
      'description': '/version.json request data'