Hey all,
I’m struggling to upload a remote theme via API from GitLab (with token in URL) using discourse_api, '0.38'
This worked for v2.9.0beta10 but seems to be failing for 3.0.0.
The post request is returning this client side:
/opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:158:in `handle_error': DiscourseApi::Error
from /opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:141:in `request'
from /opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:90:in `post'
I’m getting this in the target development Discourse instance logs:
Failed to process hijacked response correctly : FinalDestination::SSRFDetector::DisallowedIpError : FinalDestination: all resolved IPs were disallowed
Noting these commits: SECURITY: Expand and improve SSRF Protections (#18815) · discourse/discourse@68b4fe4 · GitHub , FIX: Theme import error handling needs to happen inside the hijack bl… · discourse/discourse@1398bd5 · GitHub ,
FIX: When following redirects before cloning, use the first git reque… · discourse/discourse@d9364a2 · GitHub
(which is not long after the beta tag for which it was working)
Is there some additional config I need in order to permit the request?
I see there was a related Topic here, but it’s closed: