"Local server access is not allowed" #3720
-
|
After upgrading to 28.3.0, one of my feeds stopped updating with the error "Local server access is not allowed". I run a tiny server in another container in the same Docker network that serves a custom feed.json file. I guess the pod's name
Fair enough, I'm sure there are valid reasons to block localhost, and there probably aren't many users that have a setup like this. I'll work on figuring out how to bind to a different interface and getting News to connect to that instead. I guess I'm leaving this here for other people to search for in case anyone else runs into the same issue. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
Correction: the pod's name resolves to a 10.* address, which is a "local server" by some definitions. That seems problematic. Probably anywhere I move it would still be considered "local". I don't want to expose the server on the public internet. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, yes this was intentional allowing news to fetch internal networks is considered a security risk. You can however instruct nextcloud to ignore that. And news uses the servers client to do it's requests. The only other way would be if your own feed server was reachable from the internet with a public IP, then you could point news to that and it would no longer complain. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, thanks. In my case it probably makes more sense to allow access to local servers, since my Nextcloud server isn't even accessible on the public Internet. |
Beta Was this translation helpful? Give feedback.
Hi, yes this was intentional allowing news to fetch internal networks is considered a security risk.
You can however instruct nextcloud to ignore that. And news uses the servers client to do it's requests.
https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#allow-local-remote-servers
The only other way would be if your own feed server was reachable from the internet with a public IP, then you could point news to that and it would no longer complain.
Depending on your setup there are probably ways to do this. But if you trust your users it's much easi…