Vladimir L.
Thank you @ZanyMonk, that is true, it's quite complicated to implement a protection within a service, it's way easier to sandbox the service itself with a properly defined...
Hi @UiP9AV6Y Thank you for your contribution! It's an interesting idea, although the templating was never an advertised feature of this service, more like a convenience. For standard pages (index,...
This makes sense, I'll think of it. Maybe even something like this: ``` request-baskets -baskets ./initial-baskets.json ``` where `initial-baskets.json` can look like: ```json { "basket1": { "responses": { "GET": {...
PRs are welcome
> we operate the application in kubernetes and want to avoid access to internal resources via request-baskets, as it can be turned into an open proxy. That is a very...
I think that the unrestricted forwarding **feature** made the Request Baskets "famous" and got us to the CVE database 😅: https://nvd.nist.gov/vuln/detail/CVE-2023-27163 And some samples of Request Baskets **misuse**, when running...
Hi, This PR is trying to address the issue reported here: #61 See my comment on the issue: unfortunately, Go developers decided to swallow the `Host` header in their HTTP...
Another observation: the current implementation may actually break the request forwarding logic: https://github.com/darklynx/request-baskets/blob/master/baskets.go#L178 I'm not really sure how the `Host` header might be interpreted by a 3rd party service when...
Hi @ZanyMonk Thank you for your valuable contribution to the project. I have no problem merging your PR, however, I wanted to warn you about the limited usefulness of this...