Describe the bug
A regression was introduced after the fix for the "SSRF in Webhooks" vulnerability (GHSA-vwq2-jx9q-9h9f). The fix prevents creating webhooks that target internal services, private networks, or similar endpoints.
While the security fix is correct and fully appreciated, it also blocks valid use cases where webhooks need to reach internal services in controlled environments.
To Reproduce
Steps to reproduce the behavior:
- Run Soft Serve on a recent version (after the SSRF fix from Nov 10, 2025)
- Attempt to create a webhook pointing to an internal service (e.g., http://localhost or a private network address)
- Observe that the webhook is rejected or not allowed
Expected behavior
It should be possible (optionally) to create webhooks targeting internal services when explicitly allowed by the user, for example via a configuration flag.
Environment (please complete the following information):
- OS: Linux
- Terminal: any
- Version: latest (post SSRF fix)
Additional context
A real-world example where internal webhooks are required can be found here: https://github.com/tandiljuan/dsd/tree/master/teal#test-whole-flow
Currently, the only workaround is to use a version prior to the SSRF fix: https://github.com/tandiljuan/dsd/blob/master/teal/swarm/repo.yaml#L17
Proposal
I fully support the security fix and have no objections to the default behavior.
However, I would like to propose adding an explicit opt-in mechanism (for example, a flag like --allow-internal) to allow webhook creation targeting internal services in trusted environments.
This would preserve secure defaults while enabling advanced or self-hosted use cases.
Thanks a lot for this wonderful project and all the work you put into it!
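As an added illustration of the proposal above (example code, not Soft Serve's own implementation), the sketch below shows an SSRF guard for webhook targets that rejects loopback, private, link-local and unspecified addresses by default, with a hypothetical `allowInternal` opt-in that mirrors the suggested `--allow-internal` flag. All names are assumed; the resolver is injected so the check can be exercised offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ErrInternalTarget is returned when a webhook URL resolves to a non-public address.
var ErrInternalTarget = errors.New("webhook target resolves to an internal address")

// isInternalIP reports whether ip falls in a range an SSRF filter refuses by default:
// loopback, RFC 1918 / ULA private space, link-local, unspecified or multicast.
// IPv4-mapped IPv6 forms (::ffff:127.0.0.1) are covered because net.IP normalises them.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateWebhookURL is a hypothetical guard run when a webhook is created.
// allowInternal=false keeps the secure default; true is the explicit operator opt-in.
// lookup resolves hostnames; in production pass
// func(ctx context.Context, h string) ([]net.IP, error) { return net.DefaultResolver.LookupIP(ctx, "ip", h) }.
func ValidateWebhookURL(ctx context.Context, raw string, allowInternal bool,
	lookup func(context.Context, string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("missing host")
	}
	if allowInternal {
		return nil // operator explicitly opted in for a trusted environment
	}
	ips := []net.IP{}
	if ip := net.ParseIP(host); ip != nil {
		ips = append(ips, ip) // literal address: no DNS lookup needed
	} else if ips, err = lookup(ctx, host); err != nil {
		return err
	}
	for _, ip := range ips { // reject if ANY resolved address is internal
		if isInternalIP(ip) {
			return ErrInternalTarget
		}
	}
	return nil
}
```

Rejecting when any resolved address is internal, rather than only the first, closes the gap where a name maps to both a public and a private address.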