Defensive Programming can be very easy with Symfony HttpClient

via Dev.to Webdev • Stiven Llupa • 1mo ago

If your app lets users submit URLs that you then fetch (for link previews, webhooks, or RSS feeds), you have a serious security problem waiting to happen. An attacker can submit something like http://127.0.0.1/admin or http://169.254.169.254 (the AWS metadata endpoint) and your server will happily fetch it. That's called a Server-Side Request Forgery attack, or SSRF. Symfony has a built-in solution: NoPrivateNetworkHttpClient.

So your code:

    use Symfony\Component\HttpFoundation\JsonResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\Attribute\Route;
    use Symfony\Contracts\HttpClient\HttpClientInterface;

    class LinkPreviewController
    {
        public function __construct(
            private HttpClientInterface $client,
        ) {}

        #[Route('/api/preview', methods: ['POST'])]
        public function preview(
            Request $request,
        ): JsonResponse {
            $url = $request->getPayload()->getString('url');

            // The user-supplied URL is fetched as-is: this is the SSRF-prone call.
            $response = $this->client->request('GET', $url);

            return new JsonResponse(
                $response->getContent()
            );
        }
    }

Becomes:

    class LinkPreviewController
    {
        private HttpClientInterface $safeClient;

        public function __construct(
            HttpClientInterface $client,
        ) {
            $this->safeClient = ne

Continue reading on Dev.to Webdev
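
Because the excerpt above is cut off, here is an added example (not the article's own code) of a link-preview controller that wraps the injected client in NoPrivateNetworkHttpClient and handles the refusal path. The class name SafeLinkPreviewController, the scheme check, the request limits and the response fields are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original article. Names and limits are illustrative.
use Symfony\Component\HttpClient\NoPrivateNetworkHttpClient;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Contracts\HttpClient\Exception\ExceptionInterface;
use Symfony\Contracts\HttpClient\HttpClientInterface;

final class SafeLinkPreviewController
{
    private HttpClientInterface $safeClient;

    public function __construct(HttpClientInterface $client)
    {
        // Decorate the injected client; the wrapper refuses private-network targets.
        $this->safeClient = new NoPrivateNetworkHttpClient($client);
    }

    #[Route('/api/preview', methods: ['POST'])]
    public function preview(Request $request): JsonResponse
    {
        $url = $request->getPayload()->getString('url');

        // Accept only http(s); parse_url() yields null/false for anything else.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return new JsonResponse(['error' => 'Only http and https URLs are accepted.'], 400);
        }

        try {
            $response = $this->safeClient->request('GET', $url, [
                'max_redirects' => 3,  // assumed limit
                'timeout' => 5,        // seconds of inactivity, assumed
                'max_duration' => 10,  // total seconds, assumed
            ]);
            // Responses are lazy: transport errors, including a blocked host,
            // may only surface when the content is read.
            $body = $response->getContent();
        } catch (ExceptionInterface $e) {
            // Generic message: do not reveal why the fetch failed.
            return new JsonResponse(['error' => 'The URL could not be fetched.'], 400);
        }

        // Placeholder preview fields; a real preview would parse $body.
        return new JsonResponse(['status' => $response->getStatusCode(), 'bytes' => strlen($body)]);
    }
}
```

Returning the same generic error for blocked hosts and ordinary fetch failures keeps the endpoint from acting as a probe for which internal addresses exist.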
