pub fn validate_url_dns(url: &str) -> Result<()>Expand description
SSRF guard with DNS resolution (#301 item 2). Resolves the host
via the stdlib resolver and rejects if ANY returned
SocketAddr’s IP is private / loopback / link-local. Guards
against DNS-rebind attacks where an attacker-controlled hostname
resolves to an internal IP at connect time.
Runs in the dispatch thread (blocking). Best-effort: if DNS fails we let reqwest surface the error rather than fail closed, because transient DNS outages should not silently drop webhook delivery.