Security | CrossConnection

CrossConnection Docs

Interactive package documentation

SSRF Guard and Security Controls

Configure request boundaries and log redaction behavior explicitly.

Security Configuration

1import { createCrossConnection } from "cross-connection";
2
3const client = createCrossConnection({
4  security: {
5    blockPrivateIPs: true,
6    blockPrivateIPv6: true,
7    blockLocalhost: true,
8    allowHosts: ["api.example.com", "*.trusted.internal"],
9    redactHeaders: ["authorization", "cookie", "x-api-key"],
10  },
11});

Rejects localhost and private network targets where configured.
Supports host allowlisting with wildcard patterns.
Redacts sensitive headers before logs are emitted.