From 17f9511f0c39646144ebbee46511c4d302a3b10f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Ka=C5=A1tovsk=C3=BD?= Date: Sun, 25 Aug 2024 15:06:29 +0200 Subject: [PATCH] ALL-8523: relax ssrf checks and allow tatum gateway nodes (#1125) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ALL-8523: relax ssrf checks and allow tatum gateway nodes * ALL-8523: bump version --------- Co-authored-by: Filip Kaštovský --- CHANGELOG.md | 9 ++++++--- package.json | 2 +- src/service/rpc/generic/LoadBalancer.ts | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bb90a9419..314f2a757 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.2.40] - 2024.8.25 + +### Fixed + +- Relax SSRF checks and allow tatum gateway nodes + ## [4.2.39] - 2024.8.14 ### Updated @@ -71,7 +77,6 @@ - Support for Avalanche Notifications - ## [4.2.27] - 2024.5.6 ### Added @@ -82,7 +87,6 @@ - Polygon Mumbai - ## [4.2.26] - 2024.5.6 ### Added @@ -95,7 +99,6 @@ - Added support for Iota API calls - ## [4.2.23] - 2024.4.10 ### Updated diff --git a/package.json b/package.json index a72e90aa5..8ab93903c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@tatumio/tatum", - "version": "4.2.39", + "version": "4.2.40", "description": "Tatum JS SDK", "author": "Tatum", "repository": "https://github.com/tatumio/tatum-js", diff --git a/src/service/rpc/generic/LoadBalancer.ts b/src/service/rpc/generic/LoadBalancer.ts index f1937fa31..2d1010cb7 100644 --- a/src/service/rpc/generic/LoadBalancer.ts +++ b/src/service/rpc/generic/LoadBalancer.ts @@ -338,7 +338,7 @@ export class LoadBalancer implements AbstractRpcInterface { private checkSSRF(url: string): boolean { try { const parsedUrl = new URL(url) - return parsedUrl.hostname.endsWith('rpc.tatum.io') + return parsedUrl.hostname.endsWith('tatum.io') } catch (e) { Utils.log({ id: this.id, 
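Review bot: In `checkSSRF`, `parsedUrl.hostname.endsWith('tatum.io')` is a bare suffix match with no label boundary, so the allowlist accepts any hostname whose text merely ends in those characters, not only tatum.io and its subdomains. Anchor the comparison on the dot: `return parsedUrl.hostname === 'tatum.io' || parsedUrl.hostname.endsWith('.tatum.io')`. The comment changed in the `@@ -358` hunk would then read `// If noSSRFCheck is false or undefined, require the hostname to be tatum.io or one of its subdomains.`, since the check is on the hostname rather than on the whole URL. Only the hostname is tested in the visible lines, so whether the scheme is restricted elsewhere cannot be confirmed from here. The `catch` branch of `checkSSRF` continues outside the hunk.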
@@ -358,7 +358,7 @@ export class LoadBalancer implements AbstractRpcInterface { return typeMatch } - // If noSSRFCheck is false or undefined, check if the URL ends with 'rpc.tatum.io'. + // If noSSRFCheck is false or undefined, check if the URL ends with 'tatum.io'. const ssrfCheckPassed = this.checkSSRF(node.url) // Log if the URL doesn't pass the SSRF check