Improve local domain detection

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index 2789b1b59350c4288e49f404f2625b4e1a3ca7ca..c69d1007a160e6fa48bfb9f9889f09fb04c7c1ce 100644 (file)
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -66,8 +66,10 @@ class LocalAddressChecker {
                        $host = substr($host, 1, -1);
                }
 
-               // Disallow localhost and local network
-               if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
+               // Disallow local network top-level domains from RFC 6762
+               $localTopLevelDomains = ['local','localhost','intranet','internal','private','corp','home','lan'];
+               $topLevelDomain = substr((strrchr($host, '.') ?: ''), 1);
+               if (in_array($topLevelDomain, $localTopLevelDomains)) {
                        $this->logger->warning("Host $host was not connected to because it violates local access rules");
                        throw new LocalServerException('Host violates local access rules');
                }