@feditest if you're testing mitra, you can set federation.ssrf_protection_enabled to false (it was added in version 3.4.0)
Conversation
Notices
-
Embed this notice
silverpill (silverpill@mitra.social)'s status on Tuesday, 01-Oct-2024 06:57:31 JST silverpill -
Embed this notice
Fediverse Test Suite (feditest@mastodon.social)'s status on Tuesday, 01-Oct-2024 06:57:32 JST Fediverse Test Suite To all you #developers implementing #SSRF protections in your #fediverse applications...
We are all in favor of those protections. But!
Have a setting that lets projects like #FediTest override it. Otherwise how can anybody test interop on anything other than on the public internet?
Mastodon has a ALLOWED_PRIVATE_ADDRESSES setting, which is one way of doing it. Or just have a setting with a default value of what's disabled, and let people override it. Or whatever.
But we need something ...
-
Embed this notice