Duansg opened a new pull request, #3866:
URL: https://github.com/apache/hertzbeat/pull/3866
## What's changed?
Add trusted domains to prevent potential risks such as SSRF attacks caused
by externally inputted URLs.
For reference:
[huaweicloud
regions](https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/5cbdd5a9e88e545693e08f0fa70a1ec76f044992/services/smn/v2/region/region.go#L4)
Modification details:
1. Add verification for trusted domains used in auto-subscription.
2. Add verification of trusted domains for message authentication.
2. Add test cases and pass historical test cases.
## Checklist
- [x] I have read the [Contributing
Guide](https://hertzbeat.apache.org/docs/community/code_style_and_quality_guide)
- [ ] I have written the necessary doc or comment.
- [x] I have added the necessary unit tests and all cases have passed.
## Add or update API
- [ ] I have added the necessary [e2e
tests](https://github.com/apache/hertzbeat/tree/master/e2e) and all cases have
passed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
