As reported on my issue (https://github.com/OpenTermsArchive/contribution-tool/issues/158), we modified the code in order to prevent the possibility to use the server to interact with the internal URLs.
Compared to the previous version we proposed, we have added a function to verify the various address classes (IPV4, IPV6, aliases, etc.) by handling everything on the backend side and not on the frontend side. The error message is displayed to the user like all other fetching errors.
As reported on my issue (https://github.com/OpenTermsArchive/contribution-tool/issues/158), we modified the code in order to prevent the possibility to use the server to interact with the internal URLs. Compared to the previous version we proposed, we have added a function to verify the various address classes (IPV4, IPV6, aliases, etc.) by handling everything on the backend side and not on the frontend side. The error message is displayed to the user like all other fetching errors.