Requires that all outbound network connections made by migrations & mirroring be performed over encrypted communication channels. As those communication channels (HTTPS and SSH) have their own built-in protections against DNS rebinding (TLS certificate validation and SSH host key validation), DNS rebinding attacks become ineffective as a means to redirect Forgejo to pull-from or push-to unexpected remotes with mirrors.
`[migrations].ALLOW_UNENCRYPTED` is a new setting which defaults to false, and can be set to `true` to restore access to unencrypted remotes. The risks associated with it are documented in `app.example.ini` and will be transferred into the docs repo.
**Breaking:** Existing mirrors configured against `http://` and `git://` protocols will fail, with "unencrypted transfer protocol, remote cannot be validated". It is recommended that those mirrors be changed to encrypted protocols. `[migrations].ALLOW_UNENCRYPTED` may be set to `true` to revert to the previous behaviour, accepting the risks documented here.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13490
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>