this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

relay: add basic SSRF protection to CheckHost

+7 -1
+7 -1
cmd/relay/relay/host_checker.go
··· 4 4 "context" 5 5 "fmt" 6 6 "net/http" 7 + "time" 7 8 8 9 comatproto "github.com/bluesky-social/indigo/api/atproto" 9 10 "github.com/bluesky-social/indigo/atproto/identity" 11 + "github.com/bluesky-social/indigo/util/ssrf" 10 12 "github.com/bluesky-social/indigo/xrpc" 11 13 ) 12 14 ··· 30 32 if userAgent == "" { 31 33 userAgent = "indigo-relay (atproto-relay)" 32 34 } 35 + c := http.Client{ 36 + Timeout: 5 * time.Second, 37 + Transport: ssrf.PublicOnlyTransport(), 38 + } 33 39 return &HostClient{ 34 - Client: http.DefaultClient, 40 + Client: &c, 35 41 UserAgent: userAgent, 36 42 } 37 43 }