Ghost

OpenSourceArk/Ghost

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kevin Ansfield	73429589bd	Reverted to previous user-agent for bookmark and oembed requests no issue - need to document changes so that external systems can adapt to the revised user-agent	2020-06-15 16:02:04 +01:00
Kevin Ansfield	64ed246d03	Merge pull request from GHSA-4m2q-w26j-h268 no issue - added an `externalRequest` lib - uses same underlying `got` module as our `request` lib - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked - updated v2 and canary oembed controllers to use the `externalRequest` lib	2020-06-02 14:30:10 +01:00

Author

SHA1

Message

Date

Kevin Ansfield

73429589bd

Reverted to previous user-agent for bookmark and oembed requests

no issue

- need to document changes so that external systems can adapt to the revised user-agent

2020-06-15 16:02:04 +01:00

Kevin Ansfield

64ed246d03

Merge pull request from GHSA-4m2q-w26j-h268

no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib

2020-06-02 14:30:10 +01:00

2 Commits