MM-14478 Update documentation on AllowUntrustedInternalConnections #2499
Conversation
Sounds good to me, but do we need to update i18n/en.json?
Whoops. Good catch
🎉
i18n/en.json
Outdated
@@ -1224,7 +1224,7 @@ | |||
"admin.service.insecureTlsTitle": "Enable Insecure Outgoing Connections: ", | |||
"admin.service.integrationAdmin": "Restrict managing integrations to Admins:", | |||
"admin.service.integrationAdminDesc": "When true, webhooks and slash commands can only be created, edited and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin.", | |||
"admin.service.internalConnectionsDesc": "In testing environments, such as when developing integrations locally on a development machine, use this setting to specify domains, IP addresses, or CIDR notations to allow internal connections. Separate two or more domains with spaces. **Not recommended for use in production**, since this can allow a user to extract confidential data from your server or internal network.\n \nBy default, user-supplied URLs such as those used for Open Graph metadata, webhooks, or slash commands will not be allowed to connect to reserved IP addresses including loopback or link-local addresses used for internal networks. Push notification and OAuth 2.0 server URLs are trusted and not affected by this setting.", | |||
"admin.service.internalConnectionsDesc": "A whitelist of local network addresses that can be requested by the Mattermost server on behalf of a client. Care should be used when configuring this setting to prevent unintended access to your local network. See [documentation](https://docs.mattermost.com/administration/config-settings.html#allow-untrusted-internal-connections-to) to learn more.", |
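Review bot: The replacement admin.service.internalConnectionsDesc string no longer tells the admin what the field accepts or what happens when it is left empty. The old text stated the input format (domains, IP addresses, or CIDR notations, separated by spaces) and the default (user-supplied URLs for Open Graph metadata, webhooks, or slash commands cannot reach reserved addresses such as loopback or link-local). Both now sit only behind the link, which is unreachable from a console on a restricted network. Suggest keeping one short sentence for the format and one for the default-deny behaviour alongside the link. The new wording "local network addresses" is also narrower than the old text, which accepted domains as well as addresses, so it should be checked against what the setting actually parses. Finally, the link target is a hardcoded docs.mattermost.com URL with a page anchor, which breaks silently if the docs page is renamed or moved.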
@hmhealey Can you help update the documentation link to be https://mattermost.com/default-allow-untrusted-internal-connections instead?
I'll ask marketing to help add a redirect to the doc.
(We want to avoid hardcoding doc links in the product, in case they get moved to another location, for instance)
PS: Ticket for marketing team https://app.asana.com/0/647304641413388/1114101123295685
@jasonblais, love the idea of a permalink, but can we avoid anchoring this at the root of mattermost.com? I fear a future conflict. Perhaps mattermost.com/pl/default-allow-untrusted-internal-connections or some other suitable prefix.
I can touch base on the feasibility. We've used the default prefix to indicate default pages that should not be used as landing pages, but I could see it not being a foolproof "permanent" link.
@hmhealey @lieut-data Redirect for https://mattermost.com/pl/default-allow-untrusted-internal-connections is now set up
@jasonblais These permalinks usually go through about.mattermost.com such as https://about.mattermost.com/platform-notice-txt/ or https://about.mattermost.com/hpns-terms/. We haven't used any sort of /pl/ either.
0/5 on if we change it, but I want to confirm this is correct before adding that.
- We used about.mattermost.com in the past, because that was our site. We now create pages in mattermost.com.
- /pl helps with the permalink portion.
Let me know if there are any concerns with either though, in case there are blind spots.
K, I'll update that. I think those are good changes to make, but I wanted to make sure we were changing the standard practice on purpose.
…attermost#2499) * MM-14478 Update documentation on AllowUntrustedInternalConnections * Update en.json * Update documentation link
As discussed, this makes the setting sound less immediately scary, but instead of just rewriting the docs, I replaced most of the text with a link to them.
Ticket Link
https://mattermost.atlassian.net/browse/MM-14478
Checklist