Skip to main content

ISecureUriValidator Interface

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.SecureHttpFetch

ISecureUriValidator Interface

Applies the synchronous portion of the SSRF policy (scheme allow-list, internal-hostname and private/reserved IP-literal blocking) configured by SecureHttpFetchOptions to a URI. Used both by the outbound HTTP handler immediately before a request and at registration time to reject client-supplied URIs the server would later fetch (e.g. a back-channel logout endpoint).

public interface ISecureUriValidator

Derived
SecureUriValidator

Remarks

This check is deliberately DNS-free: resolving a hostname is a runtime concern (and a registration would otherwise fail for a client whose endpoint is not yet deployed). The outbound handler still re-resolves and re-validates addresses immediately before each request to defeat DNS rebinding.

Methods

ISecureUriValidator.Validate(Uri) Method

Validates a URI against the configured SSRF policy without resolving DNS.

string? Validate(System.Uri uri);

Parameters

uri System.Uri

The URI to validate.

Returns

System.String
null when the URI is allowed; otherwise a human-readable reason for the rejection.