farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 19:00:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bugfix/Validate URL for postCore (#4172)

Browse Source 
validare url for postCore
This commit is contained in:
Henry Heng
2025-03-13 20:00:32 +00:00
committed by GitHub
parent 2b9a1ae316
commit c5455137f9
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/components/nodes/chains/ApiChain/postCore.ts
+15
View File
@@ -92,6 +92,21 @@ export class APIChain extends BaseChain implements APIChainInput {
const { url, data } = JSON.parse(api_url_body) const { url, data } = JSON.parse(api_url_body)
// Validate request is not to internal/private networks
const urlObj = new URL(url)
const hostname = urlObj.hostname
if (
hostname === 'localhost' ||
hostname === '127.0.0.1' ||
hostname.startsWith('192.168.') ||
hostname.startsWith('10.') ||
hostname.startsWith('172.16.') ||
hostname.includes('internal')
) {
throw new Error('Access to internal networks is not allowed')
}
const res = await fetch(url, { const res = await fetch(url, {
method: 'POST', method: 'POST',
headers: this.headers, headers: this.headers,