mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 01:32:42 +01:00
a15f07cc33
Summary: We already support this (and Facebook uses it) but it is difficult to configure and you have to write a bunch of code. Instead, provide a simple flag. See the documentation changes for details, but when this flag is enabled we send one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com". Anyone can reply to this, and we figure out who they are based on their "From" address instead of a unique hash. This is less secure, but a reasonable tradeoff in many cases. This also has the advantage over a naive implementation of at least doing object hash validation. @jungejason: I don't think this affects Facebook's implementation but this is an area where we've had problems in the past, so watch out for it when you deploy. Also note that you must set "metamta.public-replies" to true since Maniphest now looks for that key specifically before going into public reply mode; it no longer just tests for a public reply address being generateable (since it can always generate one now). Test Plan: Swapped my local install in and out of public reply mode and commented on objects. Got expected email behavior. Replied to public and private email addresses. Attacked public addresses by using them when the install was configured to disallow them and by altering the hash and the from address. All this stuff was rejected. Reviewed By: jungejason Reviewers: moskov, jungejason, tuomaspelkonen, aran CC: aran, epriestley, moskov, jungejason Differential Revision: 563 |
||
---|---|---|
.. | ||
adapter | ||
controller | ||
daemon/mta | ||
parser | ||
replyhandler/base | ||
storage |