synapse-product/synapse/rest
Andrew Morgan 094896a69d
Add a config option for validating 'next_link' parameters against a domain whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285

They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.

This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.

This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
2020-09-08 16:03:09 +01:00
..
admin Search in columns 'name' and 'displayname' in the admin users endpoint (#7377) 2020-08-25 14:18:14 +01:00
client Add a config option for validating 'next_link' parameters against a domain whitelist (#8275) 2020-09-08 16:03:09 +01:00
consent Remove unnecessary maybeDeferred calls (#8044) 2020-08-07 09:44:48 -04:00
key Be stricter about JSON that is accepted by Synapse (#8106) 2020-08-19 07:26:03 -04:00
media Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00
oidc Merge different Resource implementation classes (#7732) 2020-07-03 19:02:19 +01:00
saml2 Merge different Resource implementation classes (#7732) 2020-07-03 19:02:19 +01:00
__init__.py Add /user/{user_id}/shared_rooms/ api (#7785) 2020-09-02 13:18:40 +01:00
health.py Add health check endpoint (#8048) 2020-08-07 14:21:24 +01:00
well_known.py Stop sub-classing object (#8249) 2020-09-04 06:54:56 -04:00