Failing to import theme via API from Gitlab with Token in URL

Hey all,

I’m struggling to upload a remote theme via API from GitLab (with token in URL) using discourse_api, '0.38'

This worked for v2.9.0beta10 but seems to be failing for 3.0.0.

The post request is returning this client side:

/opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:158:in `handle_error': DiscourseApi::Error
        from /opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:141:in `request'
        from /opt/bundle/gems/discourse_api-0.38.0/lib/discourse_api/client.rb:90:in `post'

I’m getting this in the target development Discourse instance logs:

Failed to process hijacked response correctly : FinalDestination::SSRFDetector::DisallowedIpError : FinalDestination: all resolved IPs were disallowed

Noting these commits: SECURITY: Expand and improve SSRF Protections (#18815) · discourse/discourse@68b4fe4 · GitHub , FIX: Theme import error handling needs to happen inside the hijack bl… · discourse/discourse@1398bd5 · GitHub ,
FIX: When following redirects before cloning, use the first git reque… · discourse/discourse@d9364a2 · GitHub

(which is not long after the beta tag for which it was working)

Is there some additional config I need in order to permit the request?

I see there was a related Topic here, but it’s closed:

FYI for whatever reason, this appears to have been resolved as at 3.1.0beta2 :+1:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.