From c1bf546c30649dc693cde1c19ea4127b7afec59c Mon Sep 17 00:00:00 2001
From: Markus Kahl <machisuji@gmail.com>
Date: Mon, 9 Mar 2026 12:31:36 +0000
Subject: [PATCH] add pointer to which IP address ranges are blocked by SSRF
 protection

---
 app/mailers/user_mailer.rb              | 2 +-
 config/constants/settings/definition.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index c9ec9c7688f..a9175a3e570 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -33,7 +33,7 @@ class UserMailer < ApplicationMailer
 
   helper_method :message_url
 
-  def test_mail(user, delivery_method_options:)
+  def test_mail(user, delivery_method_options: {})
     @welcome_url = url_for(controller: "/homescreen")
 
     open_project_headers "Type" => "Test"
diff --git a/config/constants/settings/definition.rb b/config/constants/settings/definition.rb
index 4c7296612bf..7941d314686 100644
--- a/config/constants/settings/definition.rb
+++ b/config/constants/settings/definition.rb
@@ -1181,10 +1181,12 @@ module Settings
       },
       ssrf_protection_ip_allowlist: {
         description: "
-          Connections to certain IP addresses (such as private ranges) are blocked to prevent SSRF attacks.
+          Connections to certain IP addresses (such as private ranges, c.f. [1]) are blocked to prevent SSRF attacks.
           Use this setting to explicitly allow given IP addresses which would otherwise be blocked.
           Takes a comma or space separated list of IPv4 and IPv6 addresses (including masks for ranges),
           e.g. `192.168.255.255/16`.
+
+          [1] https://github.com/arkadiyt/ssrf_filter/blob/main/lib/ssrf_filter/ssrf_filter.rb#L28-L58
         ".squish,
         format: :string,
         default: "",