This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Omitting next_link parameter while using the next_link_domain_whitelist option will prevent 3PID validation
#8418
Labels
z-bug
(Deprecated Label)
Comments
anoadragon453
added a commit
that referenced
this issue
Sep 29, 2020
Broken in #8275 and has yet to be put in a release. Fixes #8418. `next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL. This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
#8275 introduced the new config option
next_link_domain_whitelist, which allows a server admin to only allow a specific set of domains to be used fornext_linkfunctionality while validating 3PID addresses.There was an oversight however, in that the PR assumed
next_linkwould always be provided, and thus always need to be validated.next_linkis an optional parameter though, meaning the request would fail if this config option were in use, andnext_linkwas not provided.This config option and bug have not shipped in a public release yet, hence the
release-blockertag.The text was updated successfully, but these errors were encountered: