diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index eadc1c0d96..9643e396b6 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1400,6 +1400,7 @@ PATH = ;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts) ;; CIDR list: 1.2.3.0/8, 2001:db8::/32 ;; Wildcard hosts: *.mydomain.com, 192.168.100.* +;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later ;ALLOWED_HOST_LIST = external ;; ;; Allow insecure certification diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 6cc6043cae..3b5d9213df 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -581,7 +581,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type - `QUEUE_LENGTH`: **1000**: Hook task queue length. Use caution when editing this value. - `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks. -- `ALLOWED_HOST_LIST`: **external**: Webhook can only call allowed hosts for security reasons. Comma separated list. +- `ALLOWED_HOST_LIST`: **external**: Since 1.15.7. Default to `*` for 1.15.x, `external` for 1.16 and later. Webhook can only call allowed hosts for security reasons. Comma separated list. - Built-in networks: - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included. - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.