You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Do you want to request a feature or report a bug? Bug
- What is the current behavior? Mailer template URLs such as the one in GOTRUE_MAILER_TEMPLATES_CONFIRMATION or GOTRUE_MAILER_TEMPLATES_RECOVERY cannot be fetched from private URLs.
- If the current behavior is a bug, please provide the steps to reproduce.
Spin up GoTrue in a docker-compose environment and point mailer template URLs e.g. GOTRUE_MAILER_TEMPLATES_RECOVERY at another container.
Attempt to initiate e.g. a password recovery e-mail.
Template not fetched and used; default template loaded instead. Error messages in console:
{"component":"api","level":"info","method":"POST","msg":"request started","path":"/recover","referer":"","remote_addr":"172.19.0.4:47086","timestamp":"2022-08-04T17:45:35Z"}
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
time="2022-08-04T17:45:35Z" level=error msg="Cancelled attempted request to ip in private range" transport=local_blocker
2022/08/04 17:45:35 Error loading template from http://anothercontainer:8080/recovery.txt: Get "http://anothercontainer:8080/recovery.txt": context canceled
- What is the expected behavior? Mailer templates should be able to be fetched from private IPs, particularly in a Docker setting. Or at least provide the option to whitelist certain IP ranges.
- Please mention your Go version, and operating system version.
I also ran into this issue using supabase and email templates that I wan't to retrieve from another container locally (even over https).
Are there any plans fixing this issue by adding an environment variable or config option to disable this or are there any security concerns preventing this from ever happening?
This issue has been automatically marked as stale because it has not had activity in 1 year. It will be closed in 7 days if no further activity occurs. Thanks!
- Do you want to request a feature or report a bug? Bug
- What is the current behavior? Mailer template URLs such as the one in
GOTRUE_MAILER_TEMPLATES_CONFIRMATION
orGOTRUE_MAILER_TEMPLATES_RECOVERY
cannot be fetched from private URLs.- If the current behavior is a bug, please provide the steps to reproduce.
docker-compose
environment and point mailer template URLs e.g.GOTRUE_MAILER_TEMPLATES_RECOVERY
at another container.- What is the expected behavior? Mailer templates should be able to be fetched from private IPs, particularly in a Docker setting. Or at least provide the option to whitelist certain IP ranges.
- Please mention your Go version, and operating system version.
https://hub.docker.com/layers/gotrue/supabase/gotrue/v2.10.3/images/sha256-fdb56c9d06f84cf7a61186927b8f2501bd39a671b90fae99277682cc867af9cb?context=explore
The text was updated successfully, but these errors were encountered: