Switch SSRF protection in web-loader to use @microsoft/antissrf, removing custom IP range logic. This centralizes and future-proofs SSRF mitigation by leveraging maintained policy sets and DNS-aware enforcement. Error handling in the import-url API route is updated to recognize new policy error messages. Dependency added to package.json. |
||
|---|---|---|
| .. | ||
| client | ||
| server | ||
| shared | ||