ghost

Infrastructure/ghost

Fork 0

mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00

Commit graph

Author	SHA1	Message	Date
Kevin Ansfield	64ed246d03	Merge pull request from GHSA-4m2q-w26j-h268 no issue - added an `externalRequest` lib - uses same underlying `got` module as our `request` lib - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked - updated v2 and canary oembed controllers to use the `externalRequest` lib	2020-06-02 14:30:10 +01:00

Author

SHA1

Message

Date

Kevin Ansfield

64ed246d03

Merge pull request from GHSA-4m2q-w26j-h268

no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib

2020-06-02 14:30:10 +01:00

1 commit