Commit Graph

8 Commits

Author SHA1 Message Date
Lucas Smith 8f68393241 fix: tighten permission and validation checks (#3046) 2026-06-29 13:15:13 +10:00
Lucas Smith 6b1b1d0417 fix: improve webhook execution (#2608)
Webhook URLs were being fetched without validating whether they
resolved to private/loopback addresses, exposing the server to SSRF.

Current SSRF is best effort and fail open, you should never host
services that
you cant risk exposure of.

This extracts webhook execution into a shared module that validates
URLs against private IP ranges (including DNS resolution), enforces
timeouts, and disables redirect following. The resend route now
queues through the job system instead of calling fetch inline.
2026-03-13 15:02:09 +11:00
David Nguyen c1c7cfaf8b chore: cleanup 2025-02-25 16:37:36 +11:00
David Nguyen 383b5f78f0 feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
Catalin Pit 00a7389af3 chore: implemented feedback 2024-02-28 08:13:28 +02:00
Catalin Pit f0a511e238 chore: refactor code 2024-02-27 15:22:02 +02:00
Mythie c2daa964c0 chore: use cuids for webhooks 2024-02-27 12:13:56 +11:00
Catalin Pit fab4992e13 feat: add zapier support 2024-02-24 11:18:58 +02:00