From 8511d4dfc42330bd0d79f2820780476b65bcd9e8 Mon Sep 17 00:00:00 2001
From: Aleksandrs Jansons <43913143+alexjansons@users.noreply.github.com>
Date: Tue, 14 Oct 2025 07:32:40 +0300
Subject: [PATCH] Add matrix_synapse_url_preview_url_blacklist var (#4641)

* synapse - introduce matrix_synapse_url_preview_url_blacklist var

* Preserve original comments around `url_preview_url_blacklist`

---------

Co-authored-by: Aleksandrs Jansons <alex@peledu.casa>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
---
 roles/custom/matrix-synapse/defaults/main.yml                | 5 +++++
 .../matrix-synapse/templates/synapse/homeserver.yaml.j2      | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 53fc95252..042318e3d 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -823,6 +823,11 @@ matrix_synapse_url_preview_ip_range_blacklist:
 # List of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in `matrix_synapse_url_preview_ip_range_blacklist`.
 matrix_synapse_url_preview_ip_range_whitelist: []
 
+# List of URL matches that the URL preview spider is denied from accessing.
+# See https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#url_preview_url_blacklist
+# for more details.
+matrix_synapse_url_preview_url_blacklist: []
+
 # A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation
 matrix_url_preview_accept_language: ['en-US', 'en']
 
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 9509ce64b..265052569 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1178,6 +1178,9 @@ url_preview_ip_range_whitelist: {{ matrix_synapse_url_preview_ip_range_whitelist
 #
 #  # blacklist any URL with a literal IPv4 address
 #  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+{% if matrix_synapse_url_preview_url_blacklist | length > 0 %}
+url_preview_url_blacklist: {{ matrix_synapse_url_preview_url_blacklist | to_json }}
+{% endif %}
 
 # The largest allowed URL preview spidering size in bytes
 #