bridgy-fed
prevent SSRF in ATProto, Nostr websocket connections
Need to block localhost domains, GCP internal domains, internal IP ranges, non-wss schemes, etc.
https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
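
One way to implement the checks listed in this issue before opening a websocket, as an added example that is not bridgy-fed's own code. The names `check_wss_url`, `is_public` and `resolve`, and the reading of "GCP internal domains" as anything under `.internal`, are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: "GCP internal domains" is taken to mean names under .internal,
# e.g. metadata.google.internal.
BLOCKED_SUFFIXES = ('.localhost', '.internal')


def resolve(host, port):
    """Default resolver: every address the OS returns for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def is_public(addr):
    """True only for globally routable addresses; unwraps ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, 'ipv4_mapped', None)
    return (mapped or ip).is_global


def check_wss_url(url, resolver=resolve):
    """Return the vetted IPs for url, or raise ValueError if it is unsafe."""
    parts = urlsplit(url)
    if parts.scheme != 'wss':
        raise ValueError(f'scheme {parts.scheme!r} is not wss')
    host = (parts.hostname or '').rstrip('.')
    if not host:
        raise ValueError('no host in URL')
    if host == 'localhost' or host.endswith(BLOCKED_SUFFIXES):
        raise ValueError(f'blocked hostname {host!r}')
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal: no DNS lookup
    except ValueError:
        addrs = set(resolver(host, parts.port or 443))
    # Reject if ANY address is internal, so a mixed public/private answer fails.
    bad = sorted(a for a in addrs if not is_public(a))
    if bad or not addrs:
        raise ValueError(f'{host!r} maps to non-public address(es): {bad}')
    return addrs
```

The caller should connect to one of the returned addresses rather than resolving the hostname a second time, since a later lookup can return a different answer from the one that was checked.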