Fix caa records inheritance

Matej Bačo 2025-08-05 13:38:56 +02:00
parent 7f690a1048
commit dade82706a


@ -65,9 +65,18 @@ class DNS extends Validator
}
if (empty($query)) {
// No CAA records means anyone can issue certificate
// CAA records inherit from parent (custom CAA behaviour)
if ($this->type === self::RECORD_CAA) {
return true;
if (\substr_count($value, ".") === 1) {
return true; // No CAA on apex domain means anyone can issue certificate
}
// Recursive validation by parent domain
$parts = \explode('.', $value);
\array_shift($parts);
$parentDomain = \implode('.', $parts);
$validator = new DNS(System::getEnv('_APP_DOMAIN_TARGET_CAA', ''), DNS::RECORD_CAA);
return $validator->isValid($parentDomain);
}
return false;
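Review bot: The apex test `\substr_count($value, ".") === 1` is the only thing that ends the parent walk, and a value with no dot at all (a single label or an empty string) never satisfies it: `explode`/`array_shift`/`implode` then yields `''`, and `isValid('')` would take the same path with `''` again. Unless code above the hunk rejects such values or returns early on a failed lookup, that is unbounded recursion on a caller-supplied domain. A fail-closed guard ahead of the apex check, `if (\substr_count($value, '.') < 1) { return false; }`, would bound it. The recursive validator also takes its expected value from `_APP_DOMAIN_TARGET_CAA` with a `''` default instead of the target this instance was constructed with, so an instance built with a different CAA target would check the parent against something else; reusing the instance's own target, or a comment stating the intent, would make that explicit. The enclosing isValid body starts and ends outside the hunk.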