
Block private network requests

Open pajlada opened this issue 1 year ago • 1 comments

Currently, the API can make requests to the local network (e.g. 192.168.0.1)

We should block this

See https://datatracker.ietf.org/doc/html/rfc1918

Specifically

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

pajlada avatar May 25 '23 11:05 pajlada

Direct requests (e.g. https://192.168.0.1) no longer load as of #529 - there's some additional progress to make sure domains like https://192.168.0.1.nip.io don't load

pajlada avatar Sep 13 '23 19:09 pajlada
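
The gap between blocking `https://192.168.0.1` and blocking `https://192.168.0.1.nip.io` comes down to checking the resolved address rather than the URL text. The sketch below is an added example, not code from this project or from #529; `CheckHost`, `IsPrivate`, `ErrPrivate` and `SampleResolver` are hypothetical names, and the DNS records are constructed so it runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// RFC 1918 prefixes from the issue, and the error returned for addresses inside them.
var privateCIDRs = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}
var ErrPrivate = errors.New("destination is a private address")

// IsPrivate reports whether ip falls inside any of the RFC 1918 prefixes.
func IsPrivate(ip net.IP) bool {
	for _, cidr := range privateCIDRs {
		if _, block, err := net.ParseCIDR(cidr); err == nil && block.Contains(ip) {
			return true
		}
	}
	return false
}

// CheckHost rejects a private IP literal or a name resolving to one; resolve is a hypothetical hook (net.LookupIP fits).
func CheckHost(host string, resolve func(string) ([]net.IP, error)) (err error) {
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal, so judge the resolved addresses instead
		if ips, err = resolve(host); err != nil {
			return err
		}
	}
	for _, ip := range ips {
		if IsPrivate(ip) {
			return fmt.Errorf("%w: %s -> %s", ErrPrivate, host, ip)
		}
	}
	return nil
}

// SampleResolver is constructed data standing in for DNS so the example runs offline.
func SampleResolver(host string) ([]net.IP, error) {
	records := map[string]string{"192.168.0.1.nip.io": "192.168.0.1", "public.example": "203.0.113.10"}
	if addr, ok := records[host]; ok {
		return []net.IP{net.ParseIP(addr)}, nil
	}
	return nil, fmt.Errorf("no such host: %s", host)
}
func main() {
	fmt.Println(CheckHost("192.168.0.1.nip.io", SampleResolver))
}
```

This covers only the three ranges named in the issue. A check made before the request protects only if the HTTP client then connects to the same address that was checked, so the test belongs on the address actually dialed.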