proxy.golang.org : github.com/skx/remotehttp : v0.5.0

Package remotehttp is a minor wrapper around a http.Transport which will refuse to fetch local resources. This package is specifically designed to avoid security attacks which might result from making HTTP-requests with user-supplied URLs. A prime example of this happening would be a web-service which is designed to fetch a document then convert it to PDF. If the user requests a URL such as `http://localhost/server-status` they would receive a PDF file of private information which they should not have been able to access. Of course you must make sure that users don't request `file://`, `ftp://` and other resources, but this wrapper will allow you to easily ensure that people cannot access your AWS-metadata store, or any other "internal" resources. Example shows how access to `http://localhost/server-status` is easily denied.

Registry - Documentation - Download - JSON - codemeta.json
purl: pkg:golang/github.com/skx/remotehttp@v0.5.0
Published: almost 5 years ago
Indexed: over 3 years ago