Magic wrapper to deny HTTP-requests to to "local" resources.
GPL-2.0 License
This repository contains a trivial helper for making secure HTTP-requests with golang.
Imagine you have a service to which users to submit tasks containing references to remote objects (HTTP-URLs).
Now imagine what happens if the user supplies URLs such as these, as input to your service:
This package allows you to prevent these inputs from being processed, easily.
Sample usage can be found in remotehttp_example_test.go.
This wrapper-library only considers the case of http
and https
schemas; if you're accepting URIs of your own you should absolutely sanity-check you've not been given something with a file://
, or ftp://
prefix (and more!)
Other things you'll want to consider:
Steve