mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-05-06 22:34:56 -04:00
Whitelist the login fallback by default for SSO
This commit is contained in:
parent
88bb6c27e1
commit
c2ab0b3066
2 changed files with 28 additions and 2 deletions
|
@ -39,6 +39,17 @@ class SSOConfig(Config):
|
|||
|
||||
self.sso_client_whitelist = sso_config.get("client_whitelist") or []
|
||||
|
||||
# Attempt to also whitelist the server's login fallback, since that fallback sets
|
||||
# the redirect URL to itself (so it can process the login token then return
|
||||
# gracefully to the client). This would make it pointless to ask the user for
|
||||
# confirmation, since the URL the confirmation page would be showing wouldn't be
|
||||
# the client's.
|
||||
# public_baseurl is an optional setting, so we only add the fallback's URL to the
|
||||
# list if it's provided (because we can't figure out what that URL is otherwise).
|
||||
if self.public_baseurl:
|
||||
login_fallback_url = self.public_baseurl + "_matrix/static/client/login"
|
||||
self.sso_client_whitelist.append(login_fallback_url)
|
||||
|
||||
def generate_config_section(self, **kwargs):
|
||||
return """\
|
||||
# Additional settings to use with single-sign on systems such as SAML2 and CAS.
|
||||
|
@ -54,7 +65,11 @@ class SSOConfig(Config):
|
|||
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||
# hostname: "https://my.client/".
|
||||
#
|
||||
# By default, this list is empty.
|
||||
# If public_baseurl is set, then the login fallback page (used by clients
|
||||
# that don't have full support for SSO) is always included in this list.
|
||||
#
|
||||
# By default, this list is empty, except if public_baseurl is set (in which
|
||||
# case the login fallback page is the only element in the list).
|
||||
#
|
||||
#client_whitelist:
|
||||
# - https://riot.im/develop
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue