Validate a URL for SSRF protection.
This function validates URLs to prevent Server-Side Request Forgery (SSRF) attacks by blocking requests to private networks and cloud metadata endpoints.
validate_safe_url(
url: str | AnyHttpUrl,
*,
allow_private: bool = False,
allow_http: bool = True
) -> str| Name | Type | Description |
|---|---|---|
url* | str | AnyHttpUrl | The URL to validate (string or Pydantic HttpUrl) |
allow_private | bool | Default: FalseIf True, allows private IPs and localhost (for development). Cloud metadata endpoints are ALWAYS blocked. |
allow_http | bool | Default: TrueIf True, allows both HTTP and HTTPS. If False, only HTTPS. |