XF 2.2 Push Notifications - IP Reveal?

Solution
So we've made a little change here for 2.2.6.

If you have a HTTP proxy configured in your src/config.php then this will be used to proxy the push notifications to the cloud messaging endpoint.

This essentially removes the risk of an untrustworthy endpoint being injected for the sole purpose of leaking an IP address.
I don’t think the server IP address is leaked in the process as far as I know.
Hmm, don't the endpoint push servers get the IP address of the server initiating the push?
I can't think of any way this would not be the case, except if using a proxy or VPN in which case the IP does get "leaked" to that proxy or VPN host.
 
Last edited:
Hmm, do the endpoint push servers not get the IP address of the server initiating the push?
I can't think of any way this would not be the case, except if using a proxy or VPN in which case the IP does get "leaked" to that proxy or VPN host.
Yes but as these are typically controlled by Google, Mozilla, Microsoft etc. this shouldn’t be an issue in terms of IP protection purposes. In this context they would be trusted.

The IP address isn’t leaked to the person who receives the push notification i.e. a potentially untrusted party to the best of my knowledge.
 
So we've made a little change here for 2.2.6.

If you have a HTTP proxy configured in your src/config.php then this will be used to proxy the push notifications to the cloud messaging endpoint.

This essentially removes the risk of an untrustworthy endpoint being injected for the sole purpose of leaking an IP address.
 
Solution
Back
Top Bottom