From f33cc2f4454581c358a3508b8dff1d17b01485ba Mon Sep 17 00:00:00 2001
From: Sergey Konovalov <Sergey.Konovalov@onlyoffice.com>
Date: Mon, 22 Apr 2024 19:48:34 +0300
Subject: [PATCH] [feature] Remove unused
 allowPrivateIPAddressForSignedRequests; bug 63590

---
 Common/config/default.json | 3 +--
 Common/sources/utils.js    | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/Common/config/default.json b/Common/config/default.json
index fcccf356c..8e9751fd6 100644
--- a/Common/config/default.json
+++ b/Common/config/default.json
@@ -170,8 +170,7 @@
 				"assemblyFormatAsOrigin": true,
 				"newFileTemplate" : "../../document-templates/new",
 				"downloadFileAllowExt": ["pdf", "xlsx"],
-				"tokenRequiredParams": true,
-				"allowPrivateIPAddressForSignedRequests": true
+				"tokenRequiredParams": true
 			},
 			"requestDefaults": {
 				"headers": {
diff --git a/Common/sources/utils.js b/Common/sources/utils.js
index 52ed83cb3..7314d7fac 100644
--- a/Common/sources/utils.js
+++ b/Common/sources/utils.js
@@ -83,7 +83,6 @@ const cfgPasswordEncrypt = config.get('openpgpjs.encrypt');
 const cfgPasswordDecrypt = config.get('openpgpjs.decrypt');
 const cfgPasswordConfig = config.get('openpgpjs.config');
 const cfgRequesFilteringAgent = config.get('services.CoAuthoring.request-filtering-agent');
-const cfgAllowPrivateIPAddressForSignedRequests = config.get('services.CoAuthoring.server.allowPrivateIPAddressForSignedRequests');
 const cfgStorageExternalHost = config.get('storage.externalHost');
 const cfgExternalRequestDirectIfIn = config.get('externalRequest.directIfIn');
 const cfgExternalRequestAction = config.get('externalRequest.action');
@@ -272,7 +271,6 @@ function isRedirectResponse(response) {
 function isAllowDirectRequest(ctx, uri, isInJwtToken) {
   let res = false;
   const tenExternalRequestDirectIfIn = ctx.getCfg('externalRequest.directIfIn', cfgExternalRequestDirectIfIn);
-  const tenAllowPrivateIPAddressForSignedRequests = ctx.getCfg('services.CoAuthoring.server.allowPrivateIPAddressForSignedRequests', cfgAllowPrivateIPAddressForSignedRequests);
   let allowList = tenExternalRequestDirectIfIn.allowList;
   if (allowList.length > 0) {
     let allowIndex = allowList.findIndex((allowPrefix) => {
@@ -280,7 +278,7 @@ function isAllowDirectRequest(ctx, uri, isInJwtToken) {
     }, uri);
     res = -1 !== allowIndex;
     ctx.logger.debug("isAllowDirectRequest check allow list res=%s", res);
-  } else if (tenExternalRequestDirectIfIn.jwtToken && tenAllowPrivateIPAddressForSignedRequests) {
+  } else if (tenExternalRequestDirectIfIn.jwtToken) {
     res = isInJwtToken;
     ctx.logger.debug("isAllowDirectRequest url in jwt token res=%s", res);
   }