From comparing zat with atmos: identity resolution should use an SSRF-aware path for user-controlled handles and did:web hosts. Scope: refuse private, loopback, link-local, and unspecified IPs where possible; enforce small response limits for DID documents and .well-known handle responses; preserve clear error names; add focused tests around non-routable address rejection and body limits.
atproto utils for zig
zat.dev
Harden identity resolution for network safety #11
open
opened by zzstoatzz.io
closed by https://tangled.org/zat.dev/zat/pulls/1
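
A sketch of the checks the issue scopes out, as an added example that is not zat's code (and is written in Python, not Zig, so it can be run as-is): classify resolved addresses, refuse a host if any of them is non-routable, and cap the body read. The function names, error names, the 64 KiB limit and the fake resolver are assumptions for illustration; unwrapping IPv4-mapped IPv6 goes slightly beyond the address classes the issue lists.

```python
import ipaddress
import socket

MAX_DID_DOC_BYTES = 64 * 1024  # assumed value; the issue only asks for "small"

class NonRoutableAddress(Exception):
    """Host resolved to a private, loopback, link-local or unspecified IP."""

class ResponseTooLarge(Exception):
    """Body exceeded the configured byte limit."""

def is_non_routable(ip):
    addr = ipaddress.ip_address(ip)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped form cannot dodge the checks.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return (addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_unspecified)

def vet_host(host, resolve=socket.getaddrinfo):
    """Resolve a handle or did:web host; refuse if ANY address is non-routable."""
    infos = resolve(host, 443, type=socket.SOCK_STREAM)
    ips = sorted({info[4][0] for info in infos})
    for ip in ips:
        if is_non_routable(ip):
            raise NonRoutableAddress(f"{host} -> {ip}")
    return ips  # connect to one of these, not to a fresh lookup of the name

def read_limited(stream, limit=MAX_DID_DOC_BYTES):
    """Read a body in chunks, failing as soon as it exceeds `limit` bytes."""
    chunks, total = [], 0
    while chunk := stream.read(min(8192, limit + 1 - total)):
        total += len(chunk)
        if total > limit:
            raise ResponseTooLarge(f"body exceeds {limit} bytes")
        chunks.append(chunk)
    return b"".join(chunks)

# Constructed sample data: a fake resolver so the example runs offline.
FAKE_DNS = {
    "pds.example": ["8.8.8.8"],
    "rebind.example": ["8.8.8.8", "169.254.169.254"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def fake_resolve(host, port, type=0):
    return [(socket.AF_INET, type, 6, "", (ip, port)) for ip in FAKE_DNS[host]]
```

Returning the vetted addresses matters: if the HTTP client resolves the name again on connect, a second DNS answer can differ from the one that was checked.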