From 62db603fa0cae4813e119291b606bff290461b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Edstr=C3=B6m?= <108799+Legogris@users.noreply.github.com> Date: Wed, 20 Oct 2021 17:43:49 +0000 Subject: [PATCH] Consider IP whitelist for identity server resolution (#11120) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Robert Edström --- changelog.d/11120.bugfix | 1 + synapse/handlers/identity.py | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 changelog.d/11120.bugfix diff --git a/changelog.d/11120.bugfix b/changelog.d/11120.bugfix new file mode 100644 index 000000000000..6b39e3e89da2 --- /dev/null +++ b/changelog.d/11120.bugfix @@ -0,0 +1 @@ +Identity server connection is no longer ignoring `ip_range_whitelist`. diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 9c319b538323..7ef8698a5ea9 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -54,7 +54,9 @@ def __init__(self, hs: "HomeServer"): self.http_client = SimpleHttpClient(hs) # An HTTP client for contacting identity servers specified by clients. self.blacklisting_http_client = SimpleHttpClient( - hs, ip_blacklist=hs.config.server.federation_ip_range_blacklist + hs, + ip_blacklist=hs.config.server.federation_ip_range_blacklist, + ip_whitelist=hs.config.server.federation_ip_range_whitelist, ) self.federation_http_client = hs.get_federation_http_client() self.hs = hs