Skip to content
Back to Milestones

M3 — Security hardening + receiver verify

Open
No due date
Last updated Jun 28, 2026

Non-bypassable SSRF guard (HTTPS-only, IP filtering, anti-rebinding, no-redirect); payload/response caps; secret-at-rest via host IDataProtectionProvider; WebhookVerifier + timestamp replay protection.

0% complete

List view