ISecureUriValidator Interface
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.SecureHttpFetch
ISecureUriValidator Interface
Applies the synchronous portion of the SSRF policy (scheme allow-list, internal-hostname and private/reserved IP-literal blocking) configured by SecureHttpFetchOptions to a URI. Used both by the outbound HTTP handler immediately before a request and at registration time to reject client-supplied URIs the server would later fetch (e.g. a back-channel logout endpoint).
public interface ISecureUriValidator
Derived
↳ SecureUriValidator
Remarks
This check is deliberately DNS-free: resolving a hostname is a runtime concern (and a registration would otherwise fail for a client whose endpoint is not yet deployed). The outbound handler still re-resolves and re-validates addresses immediately before each request to defeat DNS rebinding.
Methods
ISecureUriValidator.Validate(Uri) Method
Validates a URI against the configured SSRF policy without resolving DNS.
string? Validate(System.Uri uri);
Parameters
uri System.Uri
The URI to validate.
Returns
System.String
null when the URI is allowed; otherwise a human-readable reason for the rejection.