Y
Hacker News
new
|
ask
|
show
|
jobs
by
alexsmolen
1934 days ago
Kind of wild that there's no mention of SSRF. A quick search shows it's a pretty frequent security issue in Webhooks:
https://www.google.com/search?q=ssrf+webhook
1 comments
michaelbuckbee
1934 days ago
This would be a good addition: make sure that your HTTP library POSTing the webhook won't follow redirects and is blocked from accessing internal domains.
link