fizzy icon indicating copy to clipboard operation
fizzy copied to clipboard
Published 3 months ago verified publisher icon basecamp

Security: Web Push SSRF

Open jeremy opened this issue 4 months ago • 0 comments

  • Validate user-provided push URLs
  • Prevent DNS rebinding between restricted IP check and use

Add missing IP ranges to SsrfProtection:

  • 100.64.0.0/10 (Carrier-grade NAT, RFC6598)
  • 198.18.0.0/15 (Benchmark testing, RFC2544)

Note: link-local (169.254.0.0/16) is already covered by ip.link_local?

jeremy avatar Dec 04 '25 07:12 jeremy