
The idea was to allow users to enter a URL inside the application that would send a request to my backend, fetch the data, and load it into a local cache (Apollo/GraphQL). The only sensitive data sent to the server is a JWT attached in the headers with a user ID. The app is hosted on Heroku with config vars with a Mongo URI.

If this is not safe (potential SSRF attack), are there any ways to mitigate this kind of attack? I am curious what information is exposed if the attack succeeds.

  • Welcome to Security.SE! This question I think needs some clarification. To answer the question as it is asked: No. This is called SSRF, or Server-side Request Forgery. It is going to allow users to request content that you never intended them to request. What I'd do in this scenario with an application team is ask them a) what the intention of the functionality is, b) about intended endpoints and c) what checks they have in place to control where users can make requests. With that said, can you update your question outlining what mitigations you intend to have in place? – h4ckNinja Nov 26 '19 at 06:10
  • I've answered the question here https://security.stackexchange.com/a/207348/180660 – Marat Mkhitaryan Nov 27 '19 at 09:40
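
One way to implement the kind of destination check the first comment asks about, for a Node.js backend that fetches user-supplied URLs. This is an added example, not code from the question or its comments; the function names and the injected `lookup` parameter are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, sample addresses are constructed.

// IPv4: reject loopback, private, link-local and other non-public ranges.
function isBlockedIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) || // 100.64.0.0/10 carrier-grade NAT
    (a === 169 && b === 254) ||           // link-local, incl. cloud metadata services
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    a >= 224;                             // multicast and reserved
}

// IPv6 (conservative): allow only global unicast 2000::/3, which rejects ::1, ::,
// fc00::/7, fe80::/10 and IPv4-mapped ::ffff:0:0/96 addresses in one test.
function isBlockedIPv6(ip) {
  const first = parseInt(ip.split(':')[0] || '0', 16);
  return !(first >= 0x2000 && first <= 0x3fff);
}

function isBlockedAddress(ip) {
  return ip.includes(':') ? isBlockedIPv6(ip) : isBlockedIPv4(ip);
}

// Syntax-level checks. The WHATWG URL parser also normalizes numeric host
// forms (decimal, hex, short dotted) to a plain dotted quad.
function parseTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { throw new Error('invalid URL'); }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') throw new Error('scheme not allowed');
  if (url.username || url.password) throw new Error('credentials not allowed');
  return { url, host: url.hostname.replace(/^\[|\]$/g, '') };
}

// Resolve the host and refuse the request if ANY resolved address is blocked.
// `lookup` is injected for offline testing; in Node it could be
// (host) => require('dns').promises.lookup(host, { all: true }).
async function vetUrl(rawUrl, lookup) {
  const { url, host } = parseTarget(rawUrl);
  const records = await lookup(host);
  if (records.length === 0) throw new Error('host did not resolve');
  for (const { address } of records) {
    if (isBlockedAddress(address)) throw new Error(`blocked address ${address}`);
  }
  return { url, addresses: records.map((r) => r.address) };
}
```

The outgoing request should connect to one of the returned `addresses` rather than resolving the hostname a second time, and every redirect target needs the same check before it is followed.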

0 Answers