This fixes the problem of build/preview webhook being silently ignored when its host resolves to a private IP address. The problem originates from ActionMonitor::trigger_dispatch calling wp_safe_remote_post which in turn uses wp_http_validate_url. wp_http_validate_url deems private IP addresses invalid.
Currently it's impossible to to call a webhook in a local network. The same applies to Docker which uses private IP addressing.
Changing wp_safe_remote_post to its unsafe variant does not compromise security in this case, because:
webhook URLs are not dynamic or user-provided (which is the main concern of safe variants)
This fixes the problem of build/preview webhook being silently ignored when its host resolves to a private IP address. The problem originates from
ActionMonitor::trigger_dispatch
callingwp_safe_remote_post
which in turn useswp_http_validate_url
.wp_http_validate_url
deems private IP addresses invalid.Currently it's impossible to to call a webhook in a local network. The same applies to Docker which uses private IP addressing.
Changing
wp_safe_remote_post
to its unsafe variant does not compromise security in this case, because: