Commit Graph

5 Commits

Author SHA1 Message Date
Jeremy Daer 496851b255 Security: Web Push SSRF and IP range bypass
Add SSRF protection for web push endpoints:
- Resolve endpoint IP once and pin it for connection
- Validate endpoints resolve to public IPs
- Whitelist permitted push service hosts

Add missing IP ranges to SsrfProtection:
- 100.64.0.0/10 (Carrier-grade NAT, RFC6598)
- 198.18.0.0/15 (Benchmark testing, RFC2544)

Note: link-local (169.254.0.0/16) is already covered by ip.link_local?
2025-12-04 21:35:55 -08:00
Jason Zimdars 0f28ded99e Send email from support@fizzy.do 2025-11-11 10:47:30 -06:00
Jason Zimdars 83f7bd4346 Use icon with background included 2025-07-15 21:40:04 -05:00
Jason Zimdars 7dbb9c7a9e Fix icon path 2025-07-15 18:47:44 -05:00
Jason Zimdars e59a994a0c Add db table and models 2025-07-14 19:57:30 -05:00