safehttp

package
v0.0.0-...-2a449b3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2025 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Overview

Package safehttp can be used for making http requests when the hostname is not trusted (user inputs). It will avoid SSRF by ensuring that the IP address which will connect is not a private address, or loopback. It also checks that the port is 80 or 443, not anything else.

Index

Constants

This section is empty.

Variables

View Source 
var ClientWithKeepAlive = &http.Client{
	Transport: transportWithKeepAlive,
}

ClientWithKeepAlive is an http client that can be used to avoid SSRF. And it has keep-alive (contrary to safehttp.DefaultClient). The typical use case is moving a Cozy.

View Source 
var DefaultClient = &http.Client{
	Timeout:   10 * time.Second,
	Transport: safeTransport,
}

DefaultClient is an http client that can be used instead of http.DefaultClient to avoid SSRF. It has the same default configuration, except it disabled keep-alive, as it is probably not useful in such cases.

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.