Labels: enhancement (New feature or request)
Description
The current `send_callback` implementations in `backend/app/utils.py` and `backend/app/api/routes/threads.py` are vulnerable to SSRF attacks and lack consistent safety checks.

Research and update `send_callback` to follow best practices for secure outbound callbacks:

- Add URL validation to prevent SSRF (localhost, private IPs, metadata endpoints).
- Enforce HTTPS-only URLs.
- Disable redirects or revalidate on each redirect.
- Apply consistent short timeouts and response size limits.
Goal: Ensure `send_callback` is secure, robust, and aligned with industry best practices for sending HTTP callbacks safely.
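The checklist above, as an added example of how such a hardened `send_callback` could look (illustrative code written for this issue, not the project's own implementation); the timeout, response cap and the `resolve` hook are assumptions, and the hook exists so the validator can be exercised without live DNS.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

TIMEOUT_SECONDS = 5             # assumed short timeout
MAX_RESPONSE_BYTES = 64 * 1024  # assumed cap on bytes read from the target


def _resolve(host):
    """Default resolver: every address the host resolves to (needs DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_callback_url(url, resolve=_resolve):
    """Return (True, None) if url is acceptable for an outbound callback,
    else (False, reason). Requires https, forbids embedded credentials and
    rejects loopback, private, link-local (e.g. 169.254.169.254 metadata)
    or otherwise non-global addresses. Every resolved address must pass."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    try:
        addrs = resolve(parts.hostname)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"DNS resolution failed: {exc}"
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            return False, f"{addr} is not a public address"
    return True, None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect: a validated URL must not bounce elsewhere."""
    def redirect_request(self, *args, **kwargs):
        return None


def send_callback(url, body, resolve=_resolve):
    """POST body (bytes) to a validated URL; return at most MAX_RESPONSE_BYTES."""
    ok, reason = validate_callback_url(url, resolve)
    if not ok:
        raise ValueError(f"callback rejected: {reason}")
    opener = urllib.request.build_opener(_NoRedirect)  # 3xx raises HTTPError
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with opener.open(req, timeout=TIMEOUT_SECONDS) as resp:
        return resp.read(MAX_RESPONSE_BYTES)
```

The validated addresses are not pinned to the connection, so a DNS answer that changes between validation and connect (rebinding) is not covered here; pinning the checked IP at the socket layer closes that gap.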
Status: in review