Skip to main content

guarded_get

Function guarded_get 

Source
pub async fn guarded_get(
    client: &Client,
    url: &str,
    extra_headers: &[(HeaderName, HeaderValue)],
) -> Result<Response>
Expand description

Fetch a user-supplied URL through the full SSRF guard: scheme + IP checks on the initial URL and on every redirect hop, following redirects manually.

The passed client is used only as a policy reference; each hop is actually sent through a freshly-built [pinned_client] whose DNS for the target host is pinned to the exact IP that just passed [resolve_and_check] — so the connect can’t be rebound onto an internal address between the check and the TCP handshake.

extra_headers are applied to every hop (e.g. the conditional-GET If-None-Match / If-Modified-Since validators). Returns the final Response (headers only; the body is read separately via read_capped). Err on a blocked scheme/address, an exhausted redirect budget, or a transport error.