Use the federation blacklist for requests to untrusted Identity Servers (#6000)
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
Showing
- changelog.d/6000.feature 1 addition, 0 deletionschangelog.d/6000.feature
- docs/sample_config.yaml 3 additions, 0 deletionsdocs/sample_config.yaml
- synapse/config/server.py 3 additions, 0 deletionssynapse/config/server.py
- synapse/handlers/identity.py 15 additions, 3 deletionssynapse/handlers/identity.py
- synapse/handlers/room_member.py 6 additions, 1 deletionsynapse/handlers/room_member.py
Loading
Please register or sign in to comment