This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Blacklist 0.0.0.0 and :: by default for URL previews #5134

Merged
merged 2 commits into from
May 3, 2019

Member

richvdh commented May 3, 2019

No description provided.

richvdh requested a review from a team May 3, 2019 14:40
richvdh changed the base branch from master to release-v0.99.3.1 May 3, 2019 14:40
Contributor

babolivier left a comment

lgtm otherwise

@@ -274,6 +279,9 @@ def default_config(self, data_dir_path, **kwargs):
# synapse to issue arbitrary GET requests to your internal services,
# causing serious security issues.
#
# This must be specified if url_preview_enabled. It is recommended that you
# uncomment the following list as a starting point.
#
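
Review bot: the sample-config comment that ends at "uncomment the following list as a starting point" says the blacklist must be specified but gives no hint that 0.0.0.0 and :: are blacklisted by default, which is what this PR's title says it does. An operator who builds the list from this text cannot tell whether those two addresses still need to be listed; add a comment line at this point in the block stating that they are blocked by default.
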
Contributor

Wouldn't it be sensible to add something like "0.0.0.0 and :: are always blacklisted" somewhere around here?

Member Author

probably.

Member Author

done

richvdh merged commit a845abb into release-v0.99.3.1 May 3, 2019
richvdh deleted the rav/url_preview_blacklist branch May 3, 2019 14:59
turt2live added a commit to t2bot/matrix-media-repo that referenced this pull request May 4, 2019