http_client.rst
+11 -2 (11 additions & 2 deletions)
@@ -787,9 +787,17 @@ recommended in production.
787
787
SSRF (Server-side request forgery) Handling
788
788
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
789
789
790
-
[SSRF](https://portswigger.net/web-security/ssrf) allows an attacker to induce the backend application to make HTTP requests to an arbitrary domain. These attacks can also target the internal hosts and IPs of the attacked server.
790
+
.. versionadded:: 5.1
791
+
792
+
The SSRF protection was introduced in Symfony 5.1.
793
+
794
+
`SSRF`_ allows an attacker to induce the backend application to make HTTP
795
+
requests to an arbitrary domain. These attacks can also target the internal
796
+
hosts and IPs of the attacked server.
791
797
792
-
If you use an ``HttpClient`` together with user-provided URIs, it is probably a good idea to decorate it with a ``NoPrivateNetworkHttpClient``. This will ensure local networks are made inaccessible to the HTTP client::
798
+
If you use an ``HttpClient`` together with user-provided URIs, it is probably a
799
+
good idea to decorate it with a ``NoPrivateNetworkHttpClient``. This will
800
+
ensure local networks are made inaccessible to the HTTP client::
793
801
794
802
use Symfony\Component\HttpClient\HttpClient;
795
803
use Symfony\Component\HttpClient\NoPrivateNetworkHttpClient;
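Review bot: The reflowed sentence at new lines 798-800 still hedges with "it is probably a good idea", which is weak wording for a control that guards user-provided URIs; since these lines are being rewritten anyway, consider a direct recommendation ("decorate it with a ``NoPrivateNetworkHttpClient``") and state what the caller sees when a request to a private network is refused. The new `SSRF`_ reference at line 794 needs a matching link target carrying the PortSwigger URL that the removed Markdown link held; the one-line hunk at ``@@ -1932,3 +1940,4 @@`` has no visible body here, so confirm that is where the target is defined, otherwise the docs build will report an unknown reference. The ``versionadded`` text at line 792 would also be easier to search for if it named the class instead of "The SSRF protection".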
@@ -1932,3 +1940,4 @@ test it in a real application::