Best-effort check that a URL targets a development/private host, without
doing a DNS lookup. Matches loopback hostnames (localhost) and any IP
literal that isPrivateIp would reject. Public domain names always
return false.
Used by higher layers that need to inherit the operator's "private is OK"
trust from a primary probe and propagate it to same-origin chain hops —
callers that pass this flag into ssrfSafeFetch should do so only when
they've already decided the target origin is trusted.
Best-effort check that a URL targets a development/private host, without doing a DNS lookup. Matches loopback hostnames (
localhost) and any IP literal that isPrivateIp would reject. Public domain names always returnfalse.Used by higher layers that need to inherit the operator's "private is OK" trust from a primary probe and propagate it to same-origin chain hops — callers that pass this flag into
ssrfSafeFetchshould do so only when they've already decided the target origin is trusted.Returns
falseon unparseable inputs.