Add bypass host validation specifically for internal webhook URL

[MarceloRGonc]

Fixes OPS-4071

[linear]

OPS-4071 Bypass host validation specifically for internal webhook URLs on the HTTP block

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Adds an exception to host validation to allow calling the instance’s public webhook sync endpoint (even if it resolves to a private IP), addressing OPS-4071.

Changes:

• Introduces validateHostAllowingPublicWebhookUrl in server-shared host validation.
• Updates HTTP block “Send HTTP request” action to use the new validation helper.
• Adds unit tests covering the webhook exception behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
packages/server/shared/test/host-validation/index.test.ts	Adds tests for validateHostAllowingPublicWebhookUrl, including webhook-URL exception cases.
packages/server/shared/src/lib/host-validation/index.ts	Implements validateHostAllowingPublicWebhookUrl using networkUtls.getPublicUrl() and a webhook URL regex.
packages/blocks/http/src/lib/actions/send-http-request-action.ts	Switches validation to validateHostAllowingPublicWebhookUrl for request URL and proxy host.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.