Fine-grained HTTP filtering for Claude Code (ammar.io)
88 points by ammario 3 days ago | 11 comments
mandrade2 3 days ago | parent | next [-]

> Allow only GET requests i.e. make the internet read-only

If only developers never made use of GET to modify resources...

https://www.reddit.com/r/webdev/comments/6999x7/comment/dh4v...

userbinator 3 days ago | parent | next [-]

Ironically, your URL demonstrates this nicely, having a bunch of extra superfluous parameters that only serve to update some tracking database. Here is the "cleaned" URL: https://www.reddit.com/r/webdev/comments/6999x7/comment/dh4v...

I thought it'd be this old but memorable article: https://thedailywtf.com/articles/The_Spider_of_Doom

andy99 3 days ago | parent | prev [-]

Am I misunderstanding this one? GET still sends information to another server, what is the "read only" aspect?

kookybakker 3 days ago | parent | next [-]

In theory a GET request sent to a server should not have any side effects and only retrieve some data. In practice implementation is completely up to the developer and their rule is about as useful as putting up an exit sign to prevent people from entering your building.

nnikiforakis 3 days ago | parent | prev | next [-]

As others mentioned, GET requests are supposed to be idempotent, i.e., you can send the same request 100 times and get the same response (with no server side-effects) 100 times.

GET requests are also easier to be abused in Cross Site Request Forgery (CSRF) attacks. Modern countermeasures in browsers (like SameSite cookies) will protect cross-origin POST and other state-changing methods, but will largely allow GET requests to go through while carrying session cookies.

ammario 3 days ago | parent | prev [-]

I meant read-only there in the sense of mutability, not exfiltration.

Of course, some websites may permit mutations through GET so it’s probably only sensible to use alongside known hosts.

cmpaul 3 days ago | parent [-]

``` GET https://mysite.com/?query=all+the+secrets ```
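
The point of this sub-thread, as an added example that is not part of any comment here and is not httpjail's own code: a method-only rule still passes a GET that carries data out in the query string, while GET combined with an exact known-host match does not. Only `r.host` appears in the thread; `r.method`, `r.url`, the helper names and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: models a per-request allow rule as a predicate over `r`.
// `r.host` is the field used in the thread; `r.method` and `r.url` are assumed.

const KNOWN_HOSTS = new Set(["chatgpt.com"]); // host from the rule quoted in the thread

// Build the request object, normalising the host before any comparison.
function toRequest(method, rawUrl) {
  const u = new URL(rawUrl); // the URL parser lowercases the hostname
  return {
    method: method.toUpperCase(),
    host: u.hostname.replace(/\.$/, ""), // drop a trailing root dot
    url: u.href,
  };
}

// Policy 1: "read-only internet", method check only.
const getOnly = (r) => r.method === "GET";

// Policy 2: GET only, and only to hosts that match the allowlist exactly.
// Exact set membership (not substring or suffix matching) is what keeps
// look-alike hosts such as chatgpt.com.example.net out.
const getOnlyKnownHosts = (r) =>
  r.method === "GET" && KNOWN_HOSTS.has(r.host);

// Constructed sample traffic (paths are made up).
const SAMPLES = [
  ["GET", "https://chatgpt.com/"],                      // intended use
  ["POST", "https://chatgpt.com/submit"],               // state-changing method
  ["GET", "https://mysite.com/?query=all+the+secrets"], // data leaves in the query
  ["GET", "https://chatgpt.com.example.net/"],          // look-alike host
  ["GET", "https://CHATGPT.com./"],                     // same host, odd spelling
];

// Return the allow/deny decision of a policy for every sample request.
function evaluate(policy) {
  return SAMPLES.map(([method, url]) => policy(toRequest(method, url)));
}

console.log("GET only:            ", evaluate(getOnly));
console.log("GET + known hosts:   ", evaluate(getOnlyKnownHosts));
```

Even under the second policy, a GET to an allowed host is only read-only if that host itself never mutates state on GET.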

simonw 6 days ago | parent | prev | next [-]

This describes httpjail, a new Rust sandbox proxy tool: https://github.com/coder/httpjail

It works for any process, not just Claude Code. I got it working with Codex CLI like this:

  httpjail --js "r.host === 'chatgpt.com'" -- codex

After installing it using Cargo (and Homebrew):

  brew upgrade rust
  cargo install httpjail

I wrote more notes about it here: https://simonwillison.net/2025/Sep/19/httpjail/

moderation 3 days ago | parent | prev [-]

Previously [0]

0. https://news.ycombinator.com/item?id=45307459

dang 3 days ago | parent [-]

We'll merge that comment hither. Thanks!

maxbond 3 days ago | parent [-]

The timestamps remained accurate! That's awesome.