To all you #developers implementing #SSRF protections in your #fediverse applications...
We are all in favor of those protections. But!
Have a setting that lets projects like #FediTest override it. Otherwise how can anybody test interop on anything other than on the public internet?
Mastodon has a ALLOWED_PRIVATE_ADDRESSES setting, which is one way of doing it. Or just have a setting with a default value of what's disabled, and let people override it. Or whatever.
But we need something ...
@feditest if you're testing mitra, you can set
federation.ssrf_protection_enabled
to false (it was added in version 3.4.0)