Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Use federation blacklist for requests to identity servers #5935
Now that we're getting rid of the concept of trusted identity servers, we need to make sure that people can't try and poke at internal addresses when sending identity server-related requests.
The plan is to reuse the federation blacklist for these requests which by default blocks internal CIDR ranges.
…rs (#6000) Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935