Top 7.0% forks on proxy.golang.org
proxy.golang.org : github.com/skx/remotehttp
Package remotehttp is a minor wrapper around a http.Transport which will refuse to fetch local resources. This package is specifically designed to avoid security attacks which might result from making HTTP-requests with user-supplied URLs. A prime example of this happening would be a web-service which is designed to fetch a document then convert it to PDF. If the user requests a URL such as `http://localhost/server-status` they would receive a PDF file of private information which they should not have been able to access. Of course you must make sure that users don't request `file://`, `ftp://` and other resources, but this wrapper will allow you to easily ensure that people cannot access your AWS-metadata store, or any other "internal" resources. Example shows how access to `http://localhost/server-status` is easily denied.
Registry
-
Source
- Documentation
- JSON
purl: pkg:golang/github.com/skx/remotehttp
Keywords:
go
, golang
, http
, library
, security
, transport
, utility
, wrapper
License: GPL-2.0
Latest release: over 4 years ago
First release: about 5 years ago
Namespace: github.com/skx
Stars: 8 on GitHub
Forks: 2 on GitHub
See more repository details: repos.ecosyste.ms
Funding links: https://github.com/sponsors/skx, https://steve.fi/donate/
Last synced: 13 days ago