Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds possibility to configure protocols for allowed outgoing connections #16910

Merged
merged 6 commits into from Dec 10, 2020
Merged

Adds possibility to configure protocols for allowed outgoing connections #16910

merged 6 commits into from Dec 10, 2020

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Dec 8, 2020

Description:

Matomo should normally not send any request using other protocols than http and https.
In some uncommon use cases it might be needed to send other request. This can be done using a config setting to define the list of allowed protocols.

Review

  • Functional review done
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

@sgiehl sgiehl added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Dec 8, 2020
@sgiehl sgiehl added this to the 4.1.0 milestone Dec 8, 2020
@sgiehl sgiehl added the Needs Review PRs that need a code review label Dec 8, 2020
diosmosis
diosmosis reviewed Dec 9, 2020
View reviewed changes
config/global.ini.php Outdated
@@ -719,6 +719,10 @@
; If set to 0 it also disables the "sent plugin update emails" feature in general and the related setting in the UI.
enable_update_communication = 1

; This option defines the protocols Matomo's Http class is allowed to open.
; If you may need to download GeoIP updates or other stuff using other protocols like ftp you may need to extend this list.
allowed_protocols = 'http,https'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think it might be better to name this allowed_outgoing_protocols or similar? To avoid confusion about what it refers to.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the name

diosmosis
diosmosis reviewed Dec 9, 2020
View reviewed changes
Copy link
Member

@diosmosis diosmosis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a comment, generally looks good, think the UI tests will have to be updated

@diosmosis
Copy link
Member

@sgiehl seems like there are some test failures

@sgiehl
Copy link
Member Author

sgiehl commented Dec 10, 2020

@diosmosis should be fixed now

@diosmosis diosmosis merged commit 414396f into 4.x-dev Dec 10, 2020
@diosmosis diosmosis deleted the limitprotocols branch December 10, 2020 23:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diosmosis diosmosis diosmosis approved these changes

Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review
Projects
None yet
Milestone
4.1.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sgiehl @diosmosis