MM-14478 Update documentation on AllowUntrustedInternalConnections #2499
Conversation
hmhealey
added
1: PM Review
|
Whoops. Good catch |
i18n/en.json
Outdated
| @@ -1224,7 +1224,7 @@ | |||
| "admin.service.insecureTlsTitle": "Enable Insecure Outgoing Connections: ", | |||
| "admin.service.integrationAdmin": "Restrict managing integrations to Admins:", | |||
| "admin.service.integrationAdminDesc": "When true, webhooks and slash commands can only be created, edited and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin.", | |||
| "admin.service.internalConnectionsDesc": "In testing environments, such as when developing integrations locally on a development machine, use this setting to specify domains, IP addresses, or CIDR notations to allow internal connections. Separate two or more domains with spaces. **Not recommended for use in production**, since this can allow a user to extract confidential data from your server or internal network.\n \nBy default, user-supplied URLs such as those used for Open Graph metadata, webhooks, or slash commands will not be allowed to connect to reserved IP addresses including loopback or link-local addresses used for internal networks. Push notification and OAuth 2.0 server URLs are trusted and not affected by this setting.", | |||
| "admin.service.internalConnectionsDesc": "A whitelist of local network addresses that can be requested by the Mattermost server on behalf of a client. Care should be used when configuring this setting to prevent unintended access to your local network. See [documentation](https://docs.mattermost.com/administration/config-settings.html#allow-untrusted-internal-connections-to) to learn more.", | |||
There was a problem hiding this comment.
@hmhealey Can you help update the documentation link to be https://mattermost.com/default-allow-untrusted-internal-connections instead?
I'll ask marketing to help add a redirect to the doc.
(We want to avoid hardcoding doc links in the product, in case they get moved to another location, for instance)
There was a problem hiding this comment.
PS: Ticket for marketing team https://app.asana.com/0/647304641413388/1114101123295685
There was a problem hiding this comment.
@jasonblais, love the idea of a permalink, but can we avoid anchoring this at the root of mattermost.com? I fear a future conflict. Perhaps mattermost.com/pl/default-allow-untrusted-internal-connections or some other suitable prefix.
There was a problem hiding this comment.
I can touch base on the feasibility. We've used the default prefix to indicate default pages that should not be used as landing pages, but I could see it not being a full-proof "permanent" link
There was a problem hiding this comment.
@hmhealey @lieut-data Redirect for https://mattermost.com/pl/default-allow-untrusted-internal-connections is now set up
There was a problem hiding this comment.
@jasonblais These permalinks usually go through about.mattermost.com such as https://about.mattermost.com/platform-notice-txt/ or https://about.mattermost.com/hpns-terms/. We haven't used any sort of /pl/ either.
0/5 on if we change it, but I want to confirm this is correct before adding that.
There was a problem hiding this comment.
- We used about.mattermost.com in the past, because that was our site. We now create pages in mattermost.com.
/plhelps with the permalink portion.
Let me know if there are any concerns with either though, in case there are blindspots.
There was a problem hiding this comment.
K, I'll update that. I think those are good changes to make, but I wanted to make sure we were changing the standard practice on purpose.
jasonblais
added
4: Reviews Complete
hmhealey
added
CherryPick/Done
amyblais
added
Changelog/Not Needed
…attermost#2499) * MM-14478 Update documentation on AllowUntrustedInternalConnections * Update en.json * Update documentation link
…attermost#2499) * MM-14478 Update documentation on AllowUntrustedInternalConnections * Update en.json * Update documentation link
As discussed, this makes the setting sound less immediately scary, but instead of just rewriting the docs, I replaced most of the text with a link to them.
Ticket Link
https://mattermost.atlassian.net/browse/MM-14478
Checklist