SSRF/CSRF

[Som-Som-CC]

Client function CheckRedirect is used to protect against some forms of Server-side request forgery (SSRF) / Cross-site request forgery (CSRF) attacks. It would be, however, more convenient to have some prepared functions. Such as

• NoRedirect: Blocking any redirect, simply returning http.ErrUseLastResponse.
• NoRedirectToOtherHosts: Blocking redirect to other host names. Though port may be different, allowing http to https redirects. Protocol downgrade must not be allowed, though.
• NoRedirectToOtherDomains: Blocking redirects to host names which are either not equal to or not being a subdomain of the original one. Like host == orighost || strings.HasSuffix(host, "."+orighost). No protocol downgrade allowed.
• FollowRedirect: Set CheckRedirect to nil. That is the default behavior of http.Client. Setting that explicitly could help if the default behavior of restful Client happens to change. (Python httpx does not follow redirects by default, and that can be a good thing.)

Note that redirect is just one way of performing SSRF attack. The original address, e.g. received in form of a callback address, can be maliciously constructed, too. That is not covered by this change request.

Refs:

• https://en.wikipedia.org/wiki/Server-side_request_forgery
• https://en.wikipedia.org/wiki/Cross-site_request_forgery
• https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

[Som-Som-CC]

Even if redirection is allowed client's HTTPS() settings must be applied. As it is implemented in Do(), that must work automatically.