mirror of
https://github.com/zulip/zulip.git
synced 2025-11-05 14:35:27 +00:00
5368d1bd4c
In servers with `application_server.http_only = true` and `loadbalancer.ips` set, the DetectProxyMisconfiguration middleware prevents access over HTTP from IP addresses other than the loadbalancer. However, this misses the case of access from localhost over HTTP, which is safe and expected -- for instance, the `email-mirror-postfix` script used in the email gateway[^1] will post to `http://localhost/` by default in such configurations. With the DetectProxyMisconfiguration installed, this will result in a 403 response. Make an exception for requests from `127.0.0.1` and `::1` from proxy-misconfiguration rejections. [^1]: https://zulip.readthedocs.io/en/latest/production/email-gateway.html
31 KiB
31 KiB