Skip to content

fix: allow webhooks with IP addresses and private domains #11301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tanujbhaud wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix: allow webhooks with IP addresses and private domains #11301

tanujbhaud wants to merge 5 commits into from
+8 −10

Conversation

@tanujbhaud
Copy link

@tanujbhaud tanujbhaud commented Feb 11, 2026

This PR removes the restriction that prevented Webhooks from using IP addresses or private domains (like ), which is a common requirement for self-hosted instances. Updated tests to assert success for private IPs. Fixes #7989.

@tanujbhaud
fix: allow IP addresses in webhook URLs (appwrite#7989)
1bb44c6 
Remove PublicDomain validator from webhook URL validation in both
createWebhook and updateWebhook endpoints. The URL validator already
validates URL structure. PublicDomain rejected IP addresses like
http://192.168.1.16:24040/sync which are valid for self-hosted users.
@tanujbhaud
ci: trigger actions
a8fdb37
@tanujbhaud
style: fix linter errors in projects.php
c709724
@tanujbhaud
style: remove extra blank line in imports
d13a5b8
@tanujbhaud
test: align fallback to allow private domains
d4b257a
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 11, 2026
edited
Loading

📝 Walkthrough

Walkthrough

This change removes the PublicDomain validator from webhook URL validation in the API endpoints. The URL parameter validation for both webhook creation and update endpoints is simplified from a composite validation (checking URL validity and public domain status) to a single URL validator that only ensures http or https schemes. Two corresponding test cases are updated to reflect that webhook operations with private domains and IP addresses now succeed instead of returning 400 status codes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely summarizes the main change: allowing webhooks to use IP addresses and private domains by removing validation restrictions.
Description check ✅ Passed The description is directly related to the changeset, explaining the removal of restrictions on webhook validation and test updates, with reference to the linked issue.
Linked Issues check ✅ Passed The PR successfully addresses issue #7989 by removing the PublicDomain validator that was blocking IP addresses and private domains in webhook URLs, allowing them to be created as requested.
Out of Scope Changes check ✅ Passed All changes are directly scoped to the objective of allowing IP addresses and private domains in webhooks: validator removal and corresponding test updates.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

No actionable comments were generated in the recent review. 🎉

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link

github-actions bot commented Feb 11, 2026

Security Scan Results for PR

Docker Image Scan Results

Package Version Vulnerability Severity
libcrypto3 3.5.4-r0 CVE-2025-15467 CRITICAL
libcrypto3 3.5.4-r0 CVE-2025-69419 HIGH
libcrypto3 3.5.4-r0 CVE-2025-69421 HIGH
libpng 1.6.51-r0 CVE-2025-66293 HIGH
libpng 1.6.51-r0 CVE-2026-22695 HIGH
libpng 1.6.51-r0 CVE-2026-22801 HIGH
libpng-dev 1.6.51-r0 CVE-2025-66293 HIGH
libpng-dev 1.6.51-r0 CVE-2026-22695 HIGH
libpng-dev 1.6.51-r0 CVE-2026-22801 HIGH
libssl3 3.5.4-r0 CVE-2025-15467 CRITICAL
libssl3 3.5.4-r0 CVE-2025-69419 HIGH
libssl3 3.5.4-r0 CVE-2025-69421 HIGH
openssl 3.5.4-r0 CVE-2025-15467 CRITICAL
openssl 3.5.4-r0 CVE-2025-69419 HIGH
openssl 3.5.4-r0 CVE-2025-69421 HIGH
openssl-dev 3.5.4-r0 CVE-2025-15467 CRITICAL
openssl-dev 3.5.4-r0 CVE-2025-69419 HIGH
openssl-dev 3.5.4-r0 CVE-2025-69421 HIGH
py3-urllib3 1.26.20-r0 CVE-2026-21441 HIGH
py3-urllib3-pyc 1.26.20-r0 CVE-2026-21441 HIGH

Source Code Scan Results

🎉 No vulnerabilities found!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: Webhooks don't work with IP Address as Domain

1 participant

@tanujbhaud