1 files changed, 25 insertions, 2 deletions
diff --git a/webapp/components/admin_console/developer_settings.jsx b/webapp/components/admin_console/developer_settings.jsx
index c7ffd18d5..6a8f49dbd 100644
--- a/webapp/components/admin_console/developer_settings.jsx
+++ b/webapp/components/admin_console/developer_settings.jsx
@@ -3,10 +3,13 @@
 
 import React from 'react';
 
+import * as Utils from 'utils/utils.jsx';
+
 import AdminSettings from './admin_settings.jsx';
 import BooleanSetting from './boolean_setting.jsx';
-import {FormattedMessage} from 'react-intl';
+import {FormattedMessage, FormattedHTMLMessage} from 'react-intl';
 import SettingsGroup from './settings_group.jsx';
+import TextSetting from './text_setting.jsx';
 
 export default class DeveloperSettings extends AdminSettings {
     constructor(props) {
@@ -20,6 +23,7 @@ export default class DeveloperSettings extends AdminSettings {
     getConfigFromState(config) {
         config.ServiceSettings.EnableTesting = this.state.enableTesting;
         config.ServiceSettings.EnableDeveloper = this.state.enableDeveloper;
+        config.ServiceSettings.AllowedUntrustedInternalConnections = this.state.allowedUntrustedInternalConnections;
 
         return config;
     }
@@ -27,7 +31,8 @@ export default class DeveloperSettings extends AdminSettings {
     getStateFromConfig(config) {
         return {
             enableTesting: config.ServiceSettings.EnableTesting,
-            enableDeveloper: config.ServiceSettings.EnableDeveloper
+            enableDeveloper: config.ServiceSettings.EnableDeveloper,
+            allowedUntrustedInternalConnections: config.ServiceSettings.AllowedUntrustedInternalConnections
         };
     }
 
@@ -77,6 +82,24 @@ export default class DeveloperSettings extends AdminSettings {
                     value={this.state.enableDeveloper}
                     onChange={this.handleChange}
                 />
+                <TextSetting
+                    id='allowedUntrustedInternalConnections'
+                    label={
+                        <FormattedMessage
+                            id='admin.service.internalConnectionsTitle'
+                            defaultMessage='Allow untrusted internal connections to: '
+                        />
+                    }
+                    placeholder={Utils.localizeMessage('admin.service.internalConnectionsEx', 'webhooks.internal.example.com 127.0.0.1 10.0.16.0/28')}
+                    helpText={
+                        <FormattedHTMLMessage
+                            id='admin.service.internalConnectionsDesc'
+                            defaultMessage='In testing environments, such as when developing integrations locally on a development machine, use this setting to specify domains, IP addresses, or CIDR notations to allow internal connections. <b>Not recommended for use in production</b>, since this can allow a user to extract confidential data from your server or internal network.<br /><br />By default, user-supplied URLs such as those used for Open Graph metadata, webhooks, or slash commands will not be allowed to connect to reserved IP addresses including loopback or link-local addresses used for internal networks. Push notification, OAuth 2.0 and WebRTC server URLs are trusted and not affected by this setting.'
+                        />
+                    }
+                    value={this.state.allowedUntrustedInternalConnections}
+                    onChange={this.handleChange}
+                />
             </SettingsGroup>
         );
     }