Federation allow list #673
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JadedBlueEyes
temporarily deployed
to
github-pages
GitHub Actions
Inactive
JadedBlueEyes
temporarily deployed
to
github-pages
GitHub Actions
Inactive
JadedBlueEyes
temporarily deployed
to
github-pages
GitHub Actions
Inactive
JadedBlueEyes
temporarily deployed
to
github-pages
GitHub Actions
Inactive
JadedBlueEyes
force-pushed
the
federation-allow-list
branch
from
6f9f66e to
1226e84
Compare
JadedBlueEyes
force-pushed
the
federation-allow-list
branch
from
1226e84 to
8cf8af7
Compare
|
Rebased on the latest main, but I haven't tested config live reload with this as it's not a feature I use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds an
allowed_remote_server_names. When empty, all remote servers are allowed. When set, servers not in the list are treated the same asforbidden_remote_server_names.This additionally makes these options apply to remote media fetching and remote room directory fetching.
Not sure if ignoring messages from servers not in the allow-list is the best behaviour - it may result in some unexpected behaviour in cases like #672, where users are in a room with a non-allowed user via an allowed user. Perhaps this should be a separate option?
Unfortunately, the example config won't regenerate for me.
Tested and appears to work well (
matrix-limited-federation.pissing.dev, only allowspissing.dev)A useful enhancement for this and related options may be glob matching, or reading from a policy room. Out of scope for this, though.