f

lib/core/httpclient4.js

@@ -1,14 +1,22 @@
 const { HttpClient } = require('urllib4');
 const ms = require('humanize-ms');
+const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
 
 class HttpClient4 extends HttpClient {
-  constructor(app) {
+  constructor(app, options) {
     normalizeConfig(app);
-    const config = app.config.httpclient;
+    options = options || {};
+    options = {
+      ...app.config.httpclient,
+      ...options,
+    };
     super({
       app,
-      defaultArgs: config.request,
-      allowH2: config.allowH2,
+      defaultArgs: options.request,
+      allowH2: options.allowH2,
+      // use on egg-security ssrf
+      // https://github.com/eggjs/egg-security/blob/master/lib/extend/safe_curl.js#L11
+      checkAddress: options.checkAddress,
     });
     this.app = app;
   }
@@ -26,6 +34,21 @@ class HttpClient4 extends HttpClient {
   async curl(...args) {
     return await this.request(...args);
   }
+
+  async safeCurl(url, options = {}) {
+    if (!this[SSRF_HTTPCLIENT]) {
+      const ssrfConfig = this.app.config.security.ssrf;
+      if (ssrfConfig?.checkAddress) {
+        options.checkAddress = ssrfConfig.checkAddress;
+      } else {
+        this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
+      }
+      this[SSRF_HTTPCLIENT] = new HttpClient4(this.app, {
+        checkAddress: ssrfConfig.checkAddress,
+      });
+    }
+    return await this[SSRF_HTTPCLIENT].request(url, options);
+  }
 }
 
 function normalizeConfig(app) {

lib/egg.js

@@ -301,7 +301,7 @@ class EggApplication extends EggCore {
   createHttpClient(options) {
     let httpClient;
     if (this.config.httpclient.allowH2) {
-      httpClient = new this.HttpClient4(this);
+      httpClient = new this.HttpClient4(this, options);
     } else if (this.config.httpclient.useHttpClientNext) {
       httpClient = new this.HttpClientNext(this, options);
     } else if (this.config.httpclient.enableDNSCache) {