coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	0b8c75f8ed	fix(webhooks): add validation to block unsafe webhook URLs Prevent server-side request forgery (SSRF) attacks by validating webhook URLs before sending requests. Blocks loopback addresses, cloud metadata endpoints, and localhost URLs. - Add SafeWebhookUrl rule validation in SendWebhookJob.handle() - Log warning when unsafe URLs are rejected - Add comprehensive unit tests covering valid and invalid URL scenarios	2026-03-28 14:23:08 +01:00

Author

SHA1

Message

Date

Andras Bacsai

0b8c75f8ed

fix(webhooks): add validation to block unsafe webhook URLs

Prevent server-side request forgery (SSRF) attacks by validating webhook URLs before sending requests. Blocks loopback addresses, cloud metadata endpoints, and localhost URLs.

- Add SafeWebhookUrl rule validation in SendWebhookJob.handle()
- Log warning when unsafe URLs are rejected
- Add comprehensive unit tests covering valid and invalid URL scenarios

2026-03-28 14:23:08 +01:00

1 commit