Commit 948e5d0
Fix Flowise 6602: add HTTP_ALLOW_LIST to bypass SSRF deny list for trusted hosts
Custom MCP servers reachable via Docker Compose service names (e.g. mcp-server)
resolve into 172.16.0.0/12 and are rejected by checkDenyList. The only prior
escape hatch was HTTP_SECURITY_CHECK=false, which disables SSRF protection
globally.
Introduces HTTP_ALLOW_LIST — a comma-separated list of hostnames whose
deny-list check is skipped. Entries are exact, case-insensitive hostname
matches (no wildcards). Applies to both checkDenyList and the pinned-agent
resolveAndValidate path used by secureFetch / secureAxiosRequest, so redirect
chains remain safe: a hop off an allowed host to an unrelated private IP is
still blocked.
Adds 13 tests covering the allow list, whitespace/case normalization,
DNS-skip behavior in checkDenyList, and the direct-IP + hostname paths in
resolveAndValidate via secureFetch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>1 parent bb773ff commit 948e5d0
4 files changed
Lines changed: 205 additions & 54 deletions
0 commit comments