scripte/timemaster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: CALDAV_ALLOWED_CIDRS Whitelist für interne CalDAV/Nextcloud-Server

Browse Source 
Interne Nextcloud-Instanzen im LAN können jetzt per .env-Variable
von der SSRF-Blockliste ausgenommen werden.

Beispiel in .env:
CALDAV_ALLOWED_CIDRS=192.168.1.0/24,10.10.5.50/32

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
patrick
2026-05-24 12:53:22 +02:00
parent 30828c69e9
commit 7e19311d2a
3 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/core/config.py
+6
View File
@@ -33,6 +33,12 @@ class Settings(BaseSettings):
first_superadmin_email: str = ""
first_superadmin_password: str = ""
# CalDAV / outbound HTTP
# Kommaseparierte CIDR-Whitelist für interne CalDAV-Server (z.B. Nextcloud im LAN).
# Diese CIDRs sind vom SSRF-Schutz ausgenommen.
# Beispiel: CALDAV_ALLOWED_CIDRS=192.168.1.0/24,10.10.5.50/32
caldav_allowed_cidrs: list[str] = []
@model_validator(mode='after')
def validate_secret_key(self):
if self.app_env == 'production' and self.secret_key == 'change-me-in-production':