- deny_all_requests = @application_setting.deny_all_requests_except_allowed

= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
  = form_errors(@application_setting)

  %fieldset
    .form-group
      = f.gitlab_ui_checkbox_component :deny_all_requests_except_allowed,
          s_('OutboundRequests|Block all requests, except for IP addresses, IP ranges, and domain names defined in the allowlist'),
          checkbox_options: { class: 'js-deny-all-requests' }
      = render Pajamas::AlertComponent.new(variant: :warning,
        dismissible: false,
        alert_options: { class: "gl-mb-3 js-deny-all-requests-warning #{'gl-display-none' unless deny_all_requests}" }) do |c|
        = c.body do
          = s_('OutboundRequests|Webhooks and integrations might not work properly.')
      = f.gitlab_ui_checkbox_component :allow_local_requests_from_web_hooks_and_services,
          s_('OutboundRequests|Allow requests to the local network from webhooks and integrations'),
          checkbox_options: { disabled: deny_all_requests, class: 'js-allow-local-requests', data: { qa_selector: 'allow_requests_from_services_checkbox' } }
      = f.gitlab_ui_checkbox_component :allow_local_requests_from_system_hooks,
          s_('OutboundRequests|Allow requests to the local network from system hooks'),
          checkbox_options: { disabled: deny_all_requests, class: 'js-allow-local-requests' }

    .form-group
      = f.label :outbound_local_requests_allowlist_raw, class: 'label-bold' do
        = s_('OutboundRequests|Local IP addresses and domain names that hooks and integrations can access')
      = f.text_area :outbound_local_requests_allowlist_raw, placeholder: "example.com, 192.168.1.1, xn--itlab-j1a.com", class: 'form-control gl-form-input', rows: 8
      %span.form-text.text-muted
        = s_('OutboundRequests|Requests can be made to these IP addresses and domains even when local requests are not allowed. IP ranges such as %{code_start}1:0:0:0:0:0:0:0/124%{code_end} and %{code_start}127.0.0.0/28%{code_end} are supported. Domain wildcards are not supported. To separate entries, use commas, semicolons, or newlines. The allowlist can have a maximum of 1000 entries. Domains must be IDNA-encoded.').html_safe % { code_start: '<code>'.html_safe, code_end: '</code>'.html_safe }
        = link_to _('Learn more.'), help_page_path('security/webhooks.md', anchor: 'allow-outbound-requests-to-certain-ip-addresses-and-domains'), target: '_blank', rel: 'noopener noreferrer'

    .form-group
      = f.gitlab_ui_checkbox_component :dns_rebinding_protection_enabled,
          s_('OutboundRequests|Enforce DNS-rebinding attack protection'),
          help_text: s_('OutboundRequests|Resolve IP addresses for outbound requests to prevent DNS-rebinding attacks.')

  = f.submit _('Save changes'), pajamas_button: true, data: { qa_selector: 'save_changes_button' }