Always whitelist the login fallback for SSO (#7153)

That fallback sets the redirect URL to itself (so it can process the login token then return gracefully to the client). This would make it pointless to ask the user for confirmation, since the URL the confirmation page would be showing wouldn't be the client's.
author: Richard van der Hoff <richard@matrix.org> 2020-03-27 20:24:52 +0000
committer: Richard van der Hoff <richard@matrix.org> 2020-03-27 20:24:52 +0000
commit: b7da598a61a1bcea3855edf403bdc5ea32cc9e7a (patch)
tree: 541e73a57229f1eff436747d419764529d809250 /docs
parent: Improve the UX of the login fallback when using SSO (#7152) (diff)
download: synapse-b7da598a61a1bcea3855edf403bdc5ea32cc9e7a.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 545226f753..743949945a 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1444,6 +1444,10 @@ sso:
     # phishing attacks from evil.site. To avoid this, include a slash after the
     # hostname: "https://my.client/".
     #
+    # If public_baseurl is set, then the login fallback page (used by clients
+    # that don't natively support the required login flows) is whitelisted in
+    # addition to any URLs in this list.
+    #
     # By default, this list is empty.
     #
     #client_whitelist:
author	Richard van der Hoff <richard@matrix.org>	2020-03-27 20:24:52 +0000
committer	Richard van der Hoff <richard@matrix.org>	2020-03-27 20:24:52 +0000
commit	b7da598a61a1bcea3855edf403bdc5ea32cc9e7a (patch)
tree	541e73a57229f1eff436747d419764529d809250 /docs
parent	Improve the UX of the login fallback when using SSO (#7152) (diff)
download	synapse-b7da598a61a1bcea3855edf403bdc5ea32cc9e7a.tar.xz