remoteurl

package
v0.43.0
Published: Jun 22, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Constants

const AllowInsecureRemoteURLEnv = "DOCKER_MCP_ALLOW_INSECURE_REMOTE_URLS"

AllowInsecureRemoteURLEnv enables local/dev remote MCP endpoints. Production defaults allow only public HTTPS destinations.

Variables

This section is empty.

Functions

func DirectTransport

func DirectTransport() http.RoundTripper

func GuardDirectTransport

func GuardDirectTransport() http.RoundTripper

func GuardTransport

func GuardTransport(base http.RoundTripper) http.RoundTripper

func GuardTrustedProxyDialer

func GuardTrustedProxyDialer(dialer TrustedProxyDialer) http.RoundTripper

GuardTrustedProxyDialer validates request and redirect URLs, then sends traffic through a trusted local HTTP proxy socket dialer. Use it only with Docker Desktop's hardcoded local proxy socket.

Unlike GuardTransport's direct path, this proxy path cannot pin the dialed IP after validation because Docker Desktop's proxy resolves and dials the final target. The validator still rejects blocked request and redirect URLs before the proxy is dialed, but a narrow DNS-rebinding race remains accepted here to preserve Docker Desktop proxy semantics.

func NewDirectHTTPClient

func NewDirectHTTPClient(timeout time.Duration) *http.Client

func NewHTTPClient

func NewHTTPClient(timeout time.Duration, base http.RoundTripper) *http.Client

func NewTrustedProxyHTTPClient

func NewTrustedProxyHTTPClient(timeout time.Duration, dialer TrustedProxyDialer) *http.Client

NewTrustedProxyHTTPClient returns a guarded client for a trusted local proxy dialer, such as Docker Desktop's proxy socket dialer.

func Validate

func Validate(ctx context.Context, rawURL string) error

Types

type Options

type Options struct {
	AllowInsecure bool
	Resolver      resolver
}

type TrustedProxyDialer

type TrustedProxyDialer func(context.Context) (net.Conn, error)

TrustedProxyDialer dials a trusted local HTTP proxy socket.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

func DefaultValidator

func DefaultValidator() Validator

func NewValidator

func NewValidator(options Options) Validator

func (Validator) GuardTransport

func (v Validator) GuardTransport(base http.RoundTripper) http.RoundTripper

func (Validator) GuardTrustedProxyDialer

func (v Validator) GuardTrustedProxyDialer(dialer TrustedProxyDialer) http.RoundTripper

GuardTrustedProxyDialer validates request and redirect URLs, then sends traffic through a trusted local HTTP proxy socket dialer. Use it only with Docker Desktop's hardcoded local proxy socket.

Unlike GuardTransport's direct path, this proxy path cannot pin the dialed IP after validation because Docker Desktop's proxy resolves and dials the final target. The validator still rejects blocked request and redirect URLs before the proxy is dialed, but a narrow DNS-rebinding race remains accepted here to preserve Docker Desktop proxy semantics.
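
The GuardTrustedProxyDialer notes (on both the function and the method) say the direct path can pin the dialed IP after validation while the proxy path cannot. One way to do that kind of pinning, as an added example that is not remoteurl's own code: a net.Dialer Control hook checks the literal IP at connect time, so a DNS answer that changes after validation is still rejected. The names errBlockedIP, isPublicIP, checkDial and newPinnedClient are hypothetical, and the address policy is a minimal assumption, not the package's blocklist.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// errBlockedIP is a hypothetical sentinel, not an error exported by remoteurl.
var errBlockedIP = errors.New("destination IP is not public")

// isPublicIP is a minimal assumed policy: reject loopback, private, link-local,
// multicast and unspecified addresses, including IPv4-mapped IPv6 forms.
func isPublicIP(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsGlobalUnicast() && !a.IsPrivate()
}

// checkDial runs after DNS resolution, immediately before connect(2), so it
// sees the literal IP the socket will use, not the name that was validated.
func checkDial(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable dial address %q: %w", address, err)
	}
	if !isPublicIP(ap.Addr()) {
		return fmt.Errorf("%w: %s", errBlockedIP, ap.Addr())
	}
	return nil
}

// newPinnedClient returns a client whose every connection, including those
// made for redirects, passes checkDial. Proxy is nil so the client itself dials.
func newPinnedClient(timeout time.Duration) *http.Client {
	d := &net.Dialer{Timeout: timeout, Control: checkDial}
	return &http.Client{Timeout: timeout, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	_ = newPinnedClient(5 * time.Second)
	// Constructed sample dial addresses: public, cloud metadata, IPv4-mapped private.
	for _, addr := range []string{"93.184.216.34:443", "169.254.169.254:80", "[::ffff:10.0.0.1]:443"} {
		fmt.Printf("%-24s -> %v\n", addr, checkDial("tcp", addr, nil))
	}
}
```

When an HTTP proxy performs the final dial, this hook only ever sees the proxy's address, which is why the proxy path described above relies on URL validation alone.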

func (Validator) Validate

func (v Validator) Validate(ctx context.Context, rawURL string) error

func (Validator) ValidateURL

func (v Validator) ValidateURL(ctx context.Context, u *url.URL) error

func (Validator) ValidateURLWithoutResolution

func (v Validator) ValidateURLWithoutResolution(u *url.URL) error

ValidateURLWithoutResolution applies URL safety checks that do not require DNS. It rejects unsafe schemes, userinfo, unsafe hostname forms, and disallowed IP literals. Call ValidateURL or use a guarded transport before network access.
