SID-TRANS-04 — SSRF-Protected HTTP Client
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Transport Security Controls |
Description
SafeHTTPClient blocks requests to private IP ranges and cloud metadata endpoints (169.254.169.254), DNS rebinding, and non-HTTPS connections. Host allowlisting is supported. Response body size limits are 10 MB general, 1 MB for JWKS/discovery, and 64 KB for errors.
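The checks listed above can be sketched as follows. This is an added example, not SafeHTTPClient's own code: the names `PolicyViolation`, `is_forbidden`, `check_destination` and `read_capped` are hypothetical, and the size limits are read as binary megabytes and kilobytes, which is an assumption.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical sketch. Body caps come from the control description,
# with MB/KB interpreted as MiB/KiB (assumption).
MAX_BODY = {"general": 10 * 1024 * 1024, "jwks": 1024 * 1024, "error": 64 * 1024}

class PolicyViolation(Exception):
    """Raised when a request or response breaks the client policy."""

def is_forbidden(addr):
    """True for private, loopback, link-local (metadata) and other non-public IPs."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:         # unwrap ::ffff:a.b.c.d
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_destination(url, allowlist=None, resolver=socket.getaddrinfo):
    """Validate url and return the vetted IPs the caller must connect to."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise PolicyViolation("non-HTTPS URL")
    host = (parts.hostname or "").lower()
    if not host:
        raise PolicyViolation("URL has no host")
    if allowlist is not None and host not in allowlist:
        raise PolicyViolation("host not on allowlist")
    infos = resolver(host, parts.port or 443, type=socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})
    if not addrs:
        raise PolicyViolation("host did not resolve")
    # Reject if ANY record is internal, so a mixed answer cannot steer inward.
    for addr in addrs:
        if is_forbidden(addr):
            raise PolicyViolation(f"{host} resolves to blocked address {addr}")
    # Resolve once, then connect to these IPs (keeping the hostname for TLS
    # SNI and certificate checks) so a second lookup cannot swap the target.
    return addrs

def read_capped(stream, kind="general"):
    """Read a body, failing once it exceeds the cap for its kind."""
    limit = MAX_BODY[kind]
    data = stream.read(limit + 1)  # one extra byte reveals an oversized body
    if len(data) > limit:
        raise PolicyViolation(f"{kind} body exceeds {limit} bytes")
    return data
```

The same destination check has to run again on every redirect hop, since a vetted host can redirect to an internal one.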
Components
Source References
Framework Requirements
EUDI Security Requirements: WUH-8.3.2-Sec-01
FitCEM Wallet Instance: FIT-DC-01
ISO 27001 Annex A: A.8.20, A.8.21, A.8.23, A.8.28
OWASP ASVS 4.0.3 Level 3: V1.5, V5.2, V12.6
STRIDE Threat Model: TR-S-1