The HTTP Session was hardcoded with no injection point and followed
redirects by default, so a server-side caller pointing the client at an
attacker-influenced base_url (a tenant's prime_endpoint) had no way to
attach an SSRF policy, and a public endpoint could 302-redirect the
request to an internal address (e.g. the cloud metadata service).
- Client/DragonchainSDK now accept an optional `session` so callers can
inject a Session whose transport adapter refuses internal IPs. Default
stays unguarded for trusted/CLI use — the guard belongs in the server.
- Requests are sent with allow_redirects=False; Prime never legitimately
redirects, and a 3xx now surfaces to the caller instead of being followed.
Andrew Miller
5410b283e2