diff --git a/config-raw.json b/config-raw.json index 9682f38a4..721bb1a3f 100644 --- a/config-raw.json +++ b/config-raw.json @@ -974,6 +974,11 @@ "key": "proxypassword", "default_value": "", "comment": "The proxy password to use when authenticating against the proxy." + }, + { + "key": "allownonroutableips", + "default_value": "false", + "comment": "If set to true, webhook target URLs may resolve to non-globally-routable IP addresses (private networks, loopback, link-local, etc). When false (the default), Vikunja blocks outgoing webhook requests to these addresses to prevent SSRF attacks. Set this to true if you need webhooks to reach services on your internal network." } ] }, diff --git a/pkg/config/config.go b/pkg/config/config.go index 06c032e8d..12bccaf3b 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -211,10 +211,11 @@ const ( DefaultSettingsTimezone Key = `defaultsettings.timezone` DefaultSettingsOverdueTaskRemindersTime Key = `defaultsettings.overdue_tasks_reminders_time` - WebhooksEnabled Key = `webhooks.enabled` - WebhooksTimeoutSeconds Key = `webhooks.timeoutseconds` - WebhooksProxyURL Key = `webhooks.proxyurl` - WebhooksProxyPassword Key = `webhooks.proxypassword` + WebhooksEnabled Key = `webhooks.enabled` + WebhooksTimeoutSeconds Key = `webhooks.timeoutseconds` + WebhooksProxyURL Key = `webhooks.proxyurl` + WebhooksProxyPassword Key = `webhooks.proxypassword` + WebhooksAllowNonRoutableIPs Key = `webhooks.allownonroutableips` AutoTLSEnabled Key = `autotls.enabled` AutoTLSEmail Key = `autotls.email` @@ -466,6 +467,7 @@ func InitDefaultConfig() { // Webhook WebhooksEnabled.setDefault(true) WebhooksTimeoutSeconds.setDefault(30) + WebhooksAllowNonRoutableIPs.setDefault(false) // AutoTLS AutoTLSRenewBefore.setDefault("720h") // 30days in hours // Plugins