diff options
author | Matthew Hodgson <matthew@matrix.org> | 2018-04-13 15:47:43 +0100 |
---|---|---|
committer | Matthew Hodgson <matthew@matrix.org> | 2018-04-13 15:47:43 +0100 |
commit | 78a9698650b7a96e2a7814c3732c3ff8aa5a2f0f (patch) | |
tree | f5f485ad79d6897f42279dad6ad2715df14df477 /synapse/federation/transport/server.py | |
parent | revert last to PR properly (diff) | |
download | synapse-78a9698650b7a96e2a7814c3732c3ff8aa5a2f0f.tar.xz |
fix federation_domain_whitelist
we were checking the wrong server_name on inbound requests
Diffstat (limited to 'synapse/federation/transport/server.py')
-rw-r--r-- | synapse/federation/transport/server.py | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py index 4c94d5a36c..ff0656df3e 100644 --- a/synapse/federation/transport/server.py +++ b/synapse/federation/transport/server.py @@ -94,12 +94,6 @@ class Authenticator(object): "signatures": {}, } - if ( - self.federation_domain_whitelist is not None and - self.server_name not in self.federation_domain_whitelist - ): - raise FederationDeniedError(self.server_name) - if content is not None: json_request["content"] = content @@ -138,6 +132,12 @@ class Authenticator(object): json_request["origin"] = origin json_request["signatures"].setdefault(origin, {})[key] = sig + if ( + self.federation_domain_whitelist is not None and + origin not in self.federation_domain_whitelist + ): + raise FederationDeniedError(origin) + if not json_request["signatures"]: raise NoAuthenticationError( 401, "Missing Authorization headers", Codes.UNAUTHORIZED, |