#21440: fix(msteams): enforce allowlist checks on redirect hops (SSRF) (#11811)
Labels: docs · channel: msteams · size: M
Cluster: MSTeams SSRF Protection Enhancements
Fixes openclaw/openclaw#11811.
Security fix: MSTeams attachment downloads now use manual redirect handling and validate every redirect hop against the allowlist (HTTPS-only) before following, preventing SSRF via allowlisted URL -> disallowed redirect.
Also ensures Authorization headers are only attached for hosts in channels.msteams.mediaAuthAllowHosts (no token forwarding to redirect destinations).
Docs:
- docs/channels/msteams.md: note manual redirect + per-hop allowlist behavior.
AI-assisted: yes.
Testing:
- pnpm vitest run extensions/msteams/src/attachments.test.ts
- pnpm check
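For readers who want to see the pattern the fix describes, here is an added TypeScript example. It is not code from openclaw/openclaw and not the PR's `fetchWithManualRedirects`; every name in it (`RedirectPolicy`, `checkHop`, `fetchWithCheckedRedirects`, `makeFakeFetch`, `runScenario`), the `*.host` wildcard syntax, and the example hosts are assumptions. It issues each request with `redirect: "manual"`, validates the resolved `Location` (HTTPS only, no embedded credentials, host on the allowlist) before the next hop is requested, and attaches the bearer token only when the current hop's host is on the separate auth allowlist. The fake fetch and its routes are constructed so the scenario runs offline: one redirect from an allowlisted origin to an allowlisted CDN (followed, token stripped) and one to the plain-HTTP cloud metadata address (rejected before any request goes out).

```typescript
// Added illustration, not code from openclaw/openclaw. All names and hosts
// (RedirectPolicy, checkHop, fetchWithCheckedRedirects, makeFakeFetch,
// runScenario, files.example.com, *.cdn.example.net) are hypothetical.
interface HopResponse {
  status: number;
  headers: { get(name: string): string | null };
}
interface HopInit { redirect: "manual"; headers: Record<string, string> }
type FetchLike = (url: string, init: HopInit) => Promise<HopResponse>;

export interface RedirectPolicy {
  allowHosts: string[];      // the initial URL and every Location must match one
  authAllowHosts: string[];  // only these hosts ever receive the Authorization header
  maxRedirects?: number;     // default 5
}
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Exact host match, or "*.example.com" for any subdomain (assumed allowlist syntax).
export function hostAllowed(hostname: string, allow: string[]): boolean {
  const h = hostname.toLowerCase();
  return allow.some((entry) => {
    const e = entry.toLowerCase();
    return e.startsWith("*.") ? h.endsWith(e.slice(1)) : h === e;
  });
}

// Validate one hop before it is requested: resolve a relative Location against
// the current URL, then require HTTPS, no embedded credentials, allowlisted host.
export function checkHop(raw: string, base: URL | undefined, allowHosts: string[]): URL {
  const u = base ? new URL(raw, base) : new URL(raw);
  if (u.protocol !== "https:") throw new Error(`refusing non-HTTPS hop: ${u.href}`);
  if (u.username || u.password) throw new Error(`refusing URL with credentials: ${u.href}`);
  if (!hostAllowed(u.hostname, allowHosts)) throw new Error(`host not allowlisted: ${u.hostname}`);
  return u;
}

// The token is decided per request, so a redirect destination never inherits it.
export function authHeadersFor(u: URL, policy: RedirectPolicy, token: string): Record<string, string> {
  return hostAllowed(u.hostname, policy.authAllowHosts) ? { Authorization: `Bearer ${token}` } : {};
}

export async function fetchWithCheckedRedirects(
  url: string, policy: RedirectPolicy, token: string, fetchImpl: FetchLike,
): Promise<{ response: HopResponse; hops: string[] }> {
  const max = policy.maxRedirects ?? 5;
  let current = checkHop(url, undefined, policy.allowHosts);
  const hops = [current.href];
  for (let redirects = 0; ; redirects++) {
    // redirect: "manual" hands the 3xx back to us instead of following it blindly
    const response = await fetchImpl(current.href, {
      redirect: "manual",
      headers: authHeadersFor(current, policy, token),
    });
    if (!REDIRECT_STATUSES.has(response.status)) return { response, hops };
    const location = response.headers.get("location");
    if (!location) throw new Error(`redirect ${response.status} without Location`);
    if (redirects >= max) throw new Error(`too many redirects (${max})`);
    current = checkHop(location, current, policy.allowHosts); // rejected here => never fetched
    hops.push(current.href);
  }
}

// Constructed offline scenario: a fake fetch that records every request it receives.
export function makeFakeFetch(routes: Record<string, { status: number; location?: string }>) {
  const calls: { url: string; authorization?: string }[] = [];
  const fetchImpl: FetchLike = async (url, init) => {
    calls.push({ url, authorization: init.headers.Authorization });
    const route = routes[url] ?? { status: 404 };
    return {
      status: route.status,
      headers: { get: (n: string) => (n.toLowerCase() === "location" ? route.location ?? null : null) },
    };
  };
  return { fetchImpl, calls };
}

export async function runScenario() {
  const policy: RedirectPolicy = {
    allowHosts: ["files.example.com", "*.cdn.example.net"],
    authAllowHosts: ["files.example.com"],
  };
  const { fetchImpl, calls } = makeFakeFetch({
    // allowlisted origin redirecting to an allowlisted CDN: followed, token stripped
    "https://files.example.com/attachment/1": { status: 302, location: "https://blob.cdn.example.net/x" },
    "https://blob.cdn.example.net/x": { status: 200 },
    // allowlisted origin redirecting to the cloud metadata service: must never be fetched
    "https://files.example.com/attachment/2": { status: 302, location: "http://169.254.169.254/latest/meta-data/" },
  });
  const ok = await fetchWithCheckedRedirects("https://files.example.com/attachment/1", policy, "secret", fetchImpl);
  let blocked = "";
  try {
    await fetchWithCheckedRedirects("https://files.example.com/attachment/2", policy, "secret", fetchImpl);
  } catch (e) {
    blocked = (e as Error).message;
  }
  return { okStatus: ok.response.status, okHops: ok.hops, calls, blocked };
}
```

Two design points worth keeping in any real implementation: the `Location` header must be resolved against the current URL before it is checked (a relative redirect is still a hop), and the auth decision is recomputed from the hop's host on every request rather than copied from the first one, which is what stops a token from riding along to a redirect destination. With Node 18+ the real `fetch` can be passed as `fetchImpl`; the response type is structurally compatible.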
<h3>Greptile Summary</h3>
This PR fixes an SSRF vulnerability in MSTeams attachment downloads by implementing manual redirect handling with per-hop allowlist validation.
**Key Changes:**
- Added `fetchWithManualRedirects` function that validates every redirect hop against the allowlist before following (HTTPS-only)
- Authorization headers are now only attached to hosts in the `authAllowHosts` list, preventing token forwarding to redirect destinations
- All fetch calls now use `redirect: "manual"` to prevent automatic redirect following before security checks
- Comprehensive test coverage for the SSRF prevention scenarios
- Documentation updated to describe the manual redirect and per-hop allowlist behavior
<h3>Confidence Score: 5/5</h3>
- This PR is safe to merge with minimal risk
- The security fix is well-implemented with proper validation at every redirect hop, comprehensive test coverage for all edge cases (SSRF prevention, auth header stripping, multi-hop redirects), and clear documentation. The implementation correctly enforces HTTPS-only redirects and prevents credential leakage.
- No files require special attention
<sub>Last reviewed commit: d30269f</sub>
Most Similar PRs
- #11812: fix: MSTeams attachment fetch follows redirects before allowlist ch... (coygeek, 2026-02-08, 90.4%)
- #23598: fix(msteams): add SSRF protection to attachment downloads via redir... (lewiswigmore, 2026-02-22, 84.6%)
- #23629: fix(msteams): sanitize error messages sent to users (CWE-209) (lewiswigmore, 2026-02-22, 81.2%)
- #23596: fix(msteams): add SSRF validation to file consent upload URL (lewiswigmore, 2026-02-22, 80.3%)
- #10902: fix(msteams): fix inline pasted image downloads (jlian, 2026-02-07, 77.9%)
- #18716: msteams: fix DM image delivery + user target routing (ktsushilofficial, 2026-02-17, 77.1%)
- #16990: fix(media): strip auth headers on cross-origin redirect in download... (AI-Reviewer-QS, 2026-02-15, 75.1%)
- #8228: fix(link-understanding): block private IPs and internal hostnames i... (yubrew, 2026-02-03, 74.5%)
- #11086: fix(mattermost): allow private network for inbound media download (oskarmodig, 2026-02-07, 73.5%)
- #13089: fix(msteams): alias team config under channel conversation IDs for ... (BradGroux, 2026-02-10, 73.2%)