Ghost/core/server/lib
Kevin Ansfield 64ed246d03
Merge pull request from GHSA-4m2q-w26j-h268
no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib
2020-06-02 14:30:10 +01:00
..
common Moved core/server/lib/common/logging to core/shared/logging (#11857) 2020-05-28 19:30:23 +01:00
fs Refactor common pattern in service files 2020-04-30 20:48:42 +01:00
image Moved core/server/lib/common/logging to core/shared/logging (#11857) 2020-05-28 19:30:23 +01:00
promise Updated var declarations to const/let and no lists 2020-04-29 16:51:13 +01:00
security Updated var declarations to const/let and no lists 2020-04-29 16:51:13 +01:00
constants.js Moved utils constants to lib/constants 2017-12-14 14:13:40 +01:00
ghost-version.js Updated var declarations to const/let and no lists 2020-04-29 16:51:13 +01:00
mobiledoc.js Moved core/server/lib/common/logging to core/shared/logging (#11857) 2020-05-28 19:30:23 +01:00
request-external.js Merge pull request from GHSA-4m2q-w26j-h268 2020-06-02 14:30:10 +01:00
request.js Updated var declarations to const/let and no lists 2020-04-29 16:51:13 +01:00