Describe the Problem
We are using the HTTPS Destination feature in the SAP BTP Cloud Foundry environment and have identified a potential improvement in its configuration capabilities. Currently, destinations can be set up in a way that might allow them to point to local loopback addresses or private network addresses.
Propose a Solution
We propose adding a configurable feature to the SDK that allows teams to decide whether to block calls to private or local addresses. This toggle-like option would enable consistent handling of security across all teams using the service, aligning with SAP's internal usage recommendations.
Could this be added to the SAP Cloud SDK?
Describe Alternatives
No response
Affected Development Phase
Production
Impact
Impaired
Timeline
No response
We've heard this request once or twice also from other developers. It is definitely something to consider, in particular when an application is quite generic and allows for quite arbitrary requests towards the destinations defined by customers.
However, this is something where we would likely also need some support from the server side, i.e. from the BTP Destination Service itself, because not all users are using a library, and otherwise different rules might get implemented for Java, JS, Python, etc. Also, there are already some validation rules implemented on the server side. For example, when using http:// (instead of https), a warning is displayed.
Still, I think this is something that we should also consider for the Cloud SDK. I can't promise anything at this time, but we'll consider this as a feature request.
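One way the requested check could work on the client side, as an added example that is not SAP Cloud SDK or Destination Service code. The names `isInternalAddress`, `checkDestination` and `blockInternal` are hypothetical, and the caller is assumed to resolve the destination's hostname and pass the resulting addresses in.

```javascript
// Added example; not SAP Cloud SDK or Destination Service code.
const net = require('net');

// Ranges treated as "local or private" when the toggle is on.
const INTERNAL = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8],      // "this network"
  ['10.0.0.0', 8],     // RFC 1918 private
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local
  ['172.16.0.0', 12],  // RFC 1918 private
  ['192.168.0.0', 16], // RFC 1918 private
]) INTERNAL.addSubnet(prefix, bits, 'ipv4');
INTERNAL.addAddress('::', 'ipv6');        // unspecified
INTERNAL.addAddress('::1', 'ipv6');       // loopback
INTERNAL.addSubnet('fc00::', 7, 'ipv6');  // unique local
INTERNAL.addSubnet('fe80::', 10, 'ipv6'); // link-local

function isInternalAddress(ip) {
  const family = net.isIP(ip);
  if (family === 0) throw new TypeError(`not an IP address: ${ip}`);
  return INTERNAL.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// blockInternal: hypothetical name for the requested toggle.
// resolved: addresses the caller's DNS lookup returned for the host.
function checkDestination(url, resolved = [], { blockInternal = true } = {}) {
  if (!blockInternal) return { allowed: true, reason: 'check disabled' };
  const host = new URL(url).hostname.replace(/^\[|\]$/g, '');
  // A literal IP host needs no lookup. The URL parser has already
  // normalised forms such as 0x7f.1 or 2130706433 to 127.0.0.1.
  const candidates = net.isIP(host) ? [host] : resolved;
  if (candidates.length === 0) {
    return { allowed: false, reason: 'host not resolved' }; // fail closed
  }
  // One internal address among several records is enough to refuse.
  const hit = candidates.find(isInternalAddress);
  return hit
    ? { allowed: false, reason: `${host} resolves to internal ${hit}` }
    : { allowed: true, reason: 'ok' };
}

// Constructed sample destinations (hostnames and addresses are made up).
console.log(checkDestination('https://api.example.com/', ['93.184.216.34']));
console.log(checkDestination('http://2130706433/'));
console.log(checkDestination('https://db.example.com/', ['198.51.100.7', '10.0.0.5']));
```

The request should then be sent to the address that was checked, because a second DNS lookup at connect time can return a different one.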