openproject

references/openproject

Fork 0

mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00

Commit Graph

Author	SHA1	Message	Date
Jan Sandbrink	294611cc59	Add SSRF filter for HTTPX Filtering in front of HTTPX calls is less secure, because it's vulnerable to DNS rebinding. In addition to that it's also duplicate work, because all affected callsites would have to make sure to "remember" SSRF filtering. This SSRF filter is inspired by the original HTTPX SSRF Filter, but using our custom IP address matcher that allows to configure safe IP addresses or ranges.	2026-06-03 09:56:48 +02:00

Author

SHA1

Message

Date

Jan Sandbrink

294611cc59

Add SSRF filter for HTTPX

Filtering in front of HTTPX calls is less secure, because it's vulnerable to
DNS rebinding. In addition to that it's also duplicate work, because all affected
callsites would have to make sure to "remember" SSRF filtering.

This SSRF filter is inspired by the original HTTPX SSRF Filter, but using our custom
IP address matcher that allows to configure safe IP addresses or ranges.

2026-06-03 09:56:48 +02:00

1 Commits