Chatterino / api

API powering some Chatterino2 features
MIT License

Block private network requests #480

Open pajlada opened 1 year ago

pajlada commented 1 year ago

Currently, the API can make requests to the local network (e.g. 192.168.0.1)

We should block this

See https://datatracker.ietf.org/doc/html/rfc1918

Specifically

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

pajlada commented 12 months ago

Direct requests (e.g. https://192.168.0.1) no longer load as of #529 - there's some additional progress to make sure domains like https://192.168.0.1.nip.io don't load
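
One way to cover hostnames that resolve to a private address, such as the nip.io case in the last comment, is to check the IP at connect time instead of inspecting the URL. This is an added example, not code from the Chatterino API or from #529; `blockPrivate` and `newClient` are hypothetical names, and it covers only the three RFC 1918 ranges listed in the issue.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
)

// The three RFC 1918 ranges listed in the issue.
var rfc1918 = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

// blockPrivate is a net.Dialer Control hook (hypothetical name). It runs after
// DNS resolution, so address is the literal IP:port about to be connected to,
// whatever hostname the URL used.
func blockPrivate(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("refusing unparseable dial address %q: %w", address, err)
	}
	ip := ap.Addr().Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	for _, p := range rfc1918 {
		if p.Contains(ip) {
			return fmt.Errorf("refusing dial to private address %s (%s)", ip, p)
		}
	}
	return nil
}

// newClient (hypothetical name) returns an http.Client whose every outbound
// connection, including those opened while following redirects, passes
// through blockPrivate. No proxy is configured on the transport.
func newClient() *http.Client {
	d := &net.Dialer{Control: blockPrivate}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Constructed sample dial addresses; no network traffic is sent.
	for _, a := range []string{"192.168.0.1:443", "172.32.0.1:80", "[::ffff:10.1.2.3]:443"} {
		fmt.Printf("%-24s -> %v\n", a, blockPrivate("tcp", a, nil))
	}
}
```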