When AllowLocal is not configured or set to null, the request validation filters and middleware will default the behavior to true, allowing local HTTP requests.
This has been raised as a vulnerability internally at Twilio. While this feature is helpful for testing your APIs locally, it is vulnerable to Server-Side Request Forgery.
While this is not an officially supported library, contributors of this library will remediate this vulnerability soon. AllowLocal will default to false in the next major release.
When
AllowLocalis not configured or set tonull, the request validation filters and middleware will default the behavior totrue, allowing local HTTP requests. This has been raised as a vulnerability internally at Twilio. While this feature is helpful for testing your APIs locally, it is vulnerable to Server-Side Request Forgery. While this is not an officially supported library, contributors of this library will remediate this vulnerability soon.AllowLocalwill default tofalsein the next major release.