Fix SSRF/credential forwarding via client-supplied baseUrl#30
Merged
cosarah merged 2 commits intoTHU-MAIC:mainfrom Mar 17, 2026
Merged
Fix SSRF/credential forwarding via client-supplied baseUrl#30cosarah merged 2 commits intoTHU-MAIC:mainfrom
cosarah merged 2 commits intoTHU-MAIC:mainfrom
Conversation
cosarah
force-pushed
the
fix/ssrf-credential-forwarding
branch
from
69e76d3 to
bd6d2d5
Compare
cosarah
approved these changes
Mar 17, 2026
Collaborator
cosarah
left a comment
cosarah
left a comment
There was a problem hiding this comment.
LGTM. 核心修复逻辑正确:
- 禁止 server key + client baseUrl 组合 — 10 个路由全部覆盖,避免凭据泄露
- SSRF 校验仅生产环境生效 — 合理,不影响本地开发
- verify-pdf-provider 禁用 redirect — 该路由是唯一直接
fetch的 verify 路由,其他 verify 路由由 SDK 控制,无需额外处理
已本地验证,功能正常。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
问题:当前实现允许客户端传入 baseUrl,同时在未提供 apiKey 时会回退使用服务器环境变量 key,导致服务器可能携带自己的 key 请求攻击者控制的地址(凭据泄露/SSRF)。
修复:禁止 ‘server key + client baseUrl’ 组合:只要自定义 baseUrl,就必须显式提供客户端 key;生产环境增加 SSRF 校验,并对连通性检查禁用重定向。
EN:Description:
Currently, the system allows clients to provide a custom baseUrl. If no apiKey is provided, it falls back to the server's environment variable, which could lead to API key leakage to attacker-controlled endpoints (Credential Leakage/SSRF).
Fixes: 1. Prohibit the combination of 'server-side key + client-provided baseUrl'. 2. Integrated SSRF validation in production environments. 3. Disabled redirects in connectivity checks to further mitigate SSRF risks.