anonymousland-synapse/synapse
Andrew Morgan 094896a69d
Add a config option for validating 'next_link' parameters against a domain whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285

They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.

This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.

This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
2020-09-08 16:03:09 +01:00
..
_scripts Replace all remaining six usage with native Python 3 equivalents (#7704) 2020-06-16 08:51:47 -04:00
api Directly import json from the standard library. (#8259) 2020-09-08 07:33:48 -04:00
app Directly import json from the standard library. (#8259) 2020-09-08 07:33:48 -04:00
appservice Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
config Add a config option for validating 'next_link' parameters against a domain whitelist (#8275) 2020-09-08 16:03:09 +01:00
crypto Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
events Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
federation Catch up after Federation Outage (split, 2): Track last successful stream ordering after transmission (#8247) 2020-09-04 15:06:51 +01:00
groups Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
handlers Clean up types for PaginationConfig (#8250) 2020-09-08 15:00:17 +01:00
http Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
logging Use the right constructor for log records (#8278) 2020-09-08 14:52:51 +01:00
metrics Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
module_api Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
push Only add rows to the push actions table if the event notifies or should be marked unread (#8274) 2020-09-07 16:56:27 +01:00
replication Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
res/templates Implement login blocking based on SAML attributes (#8052) 2020-08-11 16:08:10 +01:00
rest Add a config option for validating 'next_link' parameters against a domain whitelist (#8275) 2020-09-08 16:03:09 +01:00
server_notices Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
spam_checker_api Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
state Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
static Clean-up the fallback login code. (#7657) 2020-06-10 09:50:39 -04:00
storage Fix MultiWriterIdGenerator.current_position. (#8257) 2020-09-08 14:26:54 +01:00
streams Clean up types for PaginationConfig (#8250) 2020-09-08 15:00:17 +01:00
util Directly import json from the standard library. (#8259) 2020-09-08 07:33:48 -04:00
__init__.py 1.20.0rc1 2020-09-08 12:58:37 +01:00
event_auth.py Convert events worker database to async/await. (#8071) 2020-08-18 16:20:49 -04:00
notifier.py Clean up types for PaginationConfig (#8250) 2020-09-08 15:00:17 +01:00
python_dependencies.py Bump canonicaljson to version 1.4.0 (#8262) 2020-09-07 12:21:38 +01:00
secrets.py Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
server.py Add comment explaining cast 2020-08-11 22:01:12 +01:00
types.py Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
visibility.py Convert groups and visibility code to async / await. (#7951) 2020-07-27 12:32:08 -04:00