summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/src/api/overview/README.md2
-rw-r--r--types/server/server.go2
2 files changed, 3 insertions, 1 deletions
diff --git a/docs/src/api/overview/README.md b/docs/src/api/overview/README.md
index 989e8a6..4ad1a2c 100644
--- a/docs/src/api/overview/README.md
+++ b/docs/src/api/overview/README.md
@@ -202,7 +202,7 @@ State transitions that must be handled:
- `Ask_Location`: For asking the secure internet location. Acknowledge the request with [SetSecureLocation](#set-secure-location)
Return type:
-- The VPN configuration with associated data (`types.server.Configuration`). Note that this also contains Tokens that can be saved by the client.
+- The VPN configuration with associated data (`types.server.Configuration`). Note that this also contains Tokens that can be saved by the client. Note that the VPN configuration itself has "script-security 0" added to the end if it's an OpenVPN config. This is to disable OpenVPN scripts from being run by default. A client may override this if it has a good reason to.
- An error
### Expiry Times
diff --git a/types/server/server.go b/types/server/server.go
index 9747ebf..ae73f45 100644
--- a/types/server/server.go
+++ b/types/server/server.go
@@ -107,6 +107,8 @@ type List struct {
// Configuration is the configuration that you get back when you call the get config function
type Configuration struct {
// VPNConfig is the VPN Configuration, a WireGuard or OpenVPN Configuration
+ // In case of OpenVPN, we append "script-security 0" to disable scripts from being run by default.
+ // A client may override this, e.g. for, very trusted, pre-provisioned VPNs
VPNConfig string `json:"config"`
// Protocol defines which protocol the configuration is for, OpenVPN or WireGuard
Protocol protocol.Protocol `json:"protocol"`