From 3f0326855d9799d304b3b475543c514180e7c418 Mon Sep 17 00:00:00 2001
From: anya hope <dev@annahope.me>
Date: Sat, 28 Mar 2026 16:55:06 -0500
Subject: [PATCH] feat(c10y): add url_preview_domain_explicit_allowlist

---
 roles/custom/matrix-continuwuity/defaults/main.yml             | 3 +++
 .../custom/matrix-continuwuity/templates/continuwuity.toml.j2  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/custom/matrix-continuwuity/defaults/main.yml b/roles/custom/matrix-continuwuity/defaults/main.yml
index 60aa7aa4c..944e408f3 100644
--- a/roles/custom/matrix-continuwuity/defaults/main.yml
+++ b/roles/custom/matrix-continuwuity/defaults/main.yml
@@ -199,6 +199,9 @@ matrix_continuwuity_config_ignore_messages_from_server_names: []
 # Controls the `url_preview_domain_contains_allowlist` setting.
 matrix_continuwuity_config_url_preview_domain_contains_allowlist: []
 
+# Controls the `url_preview_domain_explicit_allowlist` setting.
+matrix_continuwuity_config_url_preview_domain_explicit_allowlist: []
+
 # Additional environment variables to pass to the container.
 #
 # Environment variables take priority over settings in the configuration file.
diff --git a/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2 b/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
index 04329810c..317be4c03 100644
--- a/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
+++ b/roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
@@ -1319,7 +1319,7 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
 # attack surface to your server, you are expected to be aware of the risks
 # by doing so.
 #
-#url_preview_domain_explicit_allowlist = []
+url_preview_domain_explicit_allowlist = {{ matrix_continuwuity_config_url_preview_domain_explicit_allowlist | to_json }}
 
 # Vector list of explicit domains not allowed to send requests to for URL
 # previews.