You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 2, 2024. It is now read-only.
when someone use fast-proxy like:
and give the req.url like "//10.10.10.10/", the result of getReqUrl method is:
but the result we expected is:
it can be used to make SSRF attack.
so i suggest to pollyfill the method getResUrl:
when we give new URL instance, we need to exclude some source that begin with '//', to make it like '/'.
The text was updated successfully, but these errors were encountered: