From 72280bbbb2eb630fa7c50efe3ff2d252c3a9acbf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 21 Feb 2025 23:05:14 +0200 Subject: [PATCH] Add a `matrix_synapse_url_preview_ip_range_whitelist` variable --- roles/custom/matrix-synapse/defaults/main.yml | 3 +++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 72764b44b..67e198c10 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -778,6 +778,9 @@ matrix_synapse_url_preview_ip_range_blacklist: - 'ff00::/8' - 'fec0::/10' +# List of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in `matrix_synapse_url_preview_ip_range_blacklist`. +matrix_synapse_url_preview_ip_range_whitelist: [] + # A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation matrix_url_preview_accept_language: ['en-US', 'en'] diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index c1fe5c40f..1a6cb6c41 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1141,8 +1141,9 @@ url_preview_ip_range_blacklist: {{ matrix_synapse_url_preview_ip_range_blacklist # target IP ranges - e.g. for enabling URL previews for a specific private # website only visible in your network. # -#url_preview_ip_range_whitelist: -# - '192.168.1.1' +{% if matrix_synapse_url_preview_enabled %} +url_preview_ip_range_whitelist: {{ matrix_synapse_url_preview_ip_range_whitelist | to_json }} +{% endif %} # Optional list of URL matches that the URL preview spider is # denied from accessing. You should use url_preview_ip_range_blacklist