From ec34fc9e99befa3738fd2f6cac6c970bdfaa5558 Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Wed, 4 Feb 2026 11:47:39 +0100
Subject: [PATCH] Add to_canonical() for ip check
---
 src/config.rs | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/config.rs b/src/config.rs
index 9eb0b97..c4e59f3 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -186,23 +186,23 @@ impl FederationConfig {
 // Resolve domain and see if it points to private IP
 // TODO: Use is_global() once stabilized
 // https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global
- let invalid_ip =
- lookup_host((domain.to_owned(), 80))
- .await?
- .any(|addr| match addr.ip() {
- IpAddr::V4(addr) => {
- addr.is_private()
- || addr.is_link_local()
- || addr.is_loopback()
- || addr.is_multicast()
- }
- IpAddr::V6(addr) => {
- addr.is_loopback()
+ let mut ips = lookup_host((domain.to_owned(), 80))
+ .await?
+ .map(|s| s.ip().to_canonical());
+ let invalid_ip = ips.any(|ip| match ip {
+ IpAddr::V4(addr) => {
+ addr.is_private()
+ || addr.is_link_local()
+ || addr.is_loopback()
+ || addr.is_multicast()
+ }
+ IpAddr::V6(addr) => {
+ addr.is_loopback()
 || addr.is_multicast()
 || ((addr.segments()[0] & 0xfe00) == 0xfc00) // is_unique_local
 || ((addr.segments()[0] & 0xffc0) == 0xfe80) // is_unicast_link_local
- }
- });
+ }
+ });
 if invalid_ip {
 return Err(Error::UrlVerificationError(
 "Localhost is only allowed in debug mode",
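Review bot: The `IpAddr::V4` and `IpAddr::V6` arms still accept the unspecified address (`0.0.0.0` / `::`), which many hosts treat as the local machine, so a domain resolving to it passes this check; adding `|| addr.is_unspecified()` to both arms (and `|| addr.is_broadcast()` to the V4 arm) would cover that until `is_global()` is stable. `to_canonical()` only unwraps IPv4-mapped addresses (`::ffff:a.b.c.d`), so other IPv6 forms that embed an IPv4 address (IPv4-compatible or NAT64-prefixed) presumably still reach the V6 arm unchanged and deserve a test or an explicit note. A why-comment above the `.map(...)` line would help the next reader, e.g. `// Canonicalize IPv4-mapped IPv6 so the V4 private-range checks below apply`. This check only validates the addresses resolved here; whether the later request re-resolves the domain is not visible in this hunk, and the enclosing function starts and ends outside it.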