From 62146dbdef785f26567b1074d38802c0b2157795 Mon Sep 17 00:00:00 2001 From: jwijenbergh Date: Tue, 21 Mar 2023 16:02:18 +0100 Subject: Docs + Types server: Add comments about script-security --- docs/src/api/overview/README.md | 2 +- types/server/server.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/src/api/overview/README.md b/docs/src/api/overview/README.md index 989e8a6..4ad1a2c 100644 --- a/docs/src/api/overview/README.md +++ b/docs/src/api/overview/README.md @@ -202,7 +202,7 @@ State transitions that must be handled: - `Ask_Location`: For asking the secure internet location. Acknowledge the request with [SetSecureLocation](#set-secure-location) Return type: -- The VPN configuration with associated data (`types.server.Configuration`). Note that this also contains Tokens that can be saved by the client. +- The VPN configuration with associated data (`types.server.Configuration`). Note that this also contains Tokens that can be saved by the client. Note that the VPN configuration itself has "script-security 0" added to the end if it's an OpenVPN config. This is to disable OpenVPN scripts from being run by default. A client may override this if it has a good reason to. - An error ### Expiry Times diff --git a/types/server/server.go b/types/server/server.go index 9747ebf..ae73f45 100644 --- a/types/server/server.go +++ b/types/server/server.go @@ -107,6 +107,8 @@ type List struct { // Configuration is the configuration that you get back when you call the get config function type Configuration struct { // VPNConfig is the VPN Configuration, a WireGuard or OpenVPN Configuration + // In case of OpenVPN, we append "script-security 0" to disable scripts from being run by default. + // A client may override this, e.g. for, very trusted, pre-provisioned VPNs VPNConfig string `json:"config"` // Protocol defines which protocol the configuration is for, OpenVPN or WireGuard Protocol protocol.Protocol `json:"protocol"` -- cgit v1.2.3