Class UrlGuard

A URL allow-list that can be reconfigured after construction.

Index

Constructors

Methods

check getAllowedSuffixes setAllowedSuffixes

Constructors

constructor

new UrlGuard(): UrlGuard
Returns UrlGuard

Methods

check

check(rawUrl: string): void
Validate rawUrl against the allow-list. Throws B2SsrfError if the URL points at a literal IP, a known-internal hostname, or a host outside the allowed suffixes. Permissive (no-op) when no suffixes have been configured yet.
Parameters
- rawUrl: string
  The URL the caller is about to fetch.
Returns void
Throws
A B2SsrfError when the URL is rejected.
- Defined in http/url-guard.ts:78

getAllowedSuffixes

getAllowedSuffixes(): readonly string[]
Returns the current allowed-suffix list (for tests and diagnostics).

Returns readonly string[]
The currently-configured list of allowed host suffixes.
- Defined in http/url-guard.ts:64

setAllowedSuffixes

setAllowedSuffixes(suffixes: readonly string[]): void
Lock the guard to the given host suffixes. A suffix matches a host either exactly or as a *.suffix subdomain. For example, backblazeb2.com allows api.backblazeb2.com and s3.us-west-004.backblazeb2.com.

Passing an empty array disables the guard (used by the simulator and other test setups). Production code should always lock the guard after a successful b2_authorize_account.
Parameters
- suffixes: readonly string[]
  Allowed host suffixes.
Returns void
- Defined in http/url-guard.ts:55