summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-05-03 15:50:59 +0100
committerRichard van der Hoff <richard@matrix.org>2019-05-03 15:50:59 +0100
commit1565ebec2c7aa9f6f2a8b60227b405cae12e7170 (patch)
tree62527d05d9aa64869b469f33af6db5d291720e3e /synapse
parentBlacklist 0.0.0.0 and :: by default for URL previews (diff)
downloadsynapse-1565ebec2c7aa9f6f2a8b60227b405cae12e7170.tar.xz
more config comment updates
Diffstat (limited to 'synapse')
-rw-r--r--synapse/config/repository.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/synapse/config/repository.py b/synapse/config/repository.py
index d155d69d8a..fbfcecc240 100644
--- a/synapse/config/repository.py
+++ b/synapse/config/repository.py
@@ -279,8 +279,11 @@ class ContentRepositoryConfig(Config):
         # synapse to issue arbitrary GET requests to your internal services,
         # causing serious security issues.
         #
-        # This must be specified if url_preview_enabled. It is recommended that you
-        # uncomment the following list as a starting point.
+        # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+        # listed here, since they correspond to unroutable addresses.)
+        #
+        # This must be specified if url_preview_enabled is set. It is recommended that
+        # you uncomment the following list as a starting point.
         #
         #url_preview_ip_range_blacklist:
         #  - '127.0.0.0/8'