SSRF-safe HTTP fetch. Parses url with vibe's URL — the exact parser the
connector uses — so the host vetted is the host connected to (no parser
differential). The host is classified ONCE via classifyHost; under
policy an internal target is rejected (blockInternal, dev-loopback-over-
http excepted) or pinned-but-permitted (allowUserConfigured). The request
URL's host is rewritten to the vetted numeric IP and the connection pinned to
it, while the original hostname is preserved for the Host header and TLS
SNI (no TOCTOU re-resolution).
Throws invalidRequest when the URL is unsafe under policy (insecure
scheme for blockInternal, an internal IP-literal/resolved address, or an
unresolvable host — fail CLOSED). @trusted because the vibe HTTP client API
is @system.
SSRF-safe HTTP fetch. Parses url with vibe's URL — the exact parser the connector uses — so the host vetted is the host connected to (no parser differential). The host is classified ONCE via classifyHost; under policy an internal target is rejected (blockInternal, dev-loopback-over- http excepted) or pinned-but-permitted (allowUserConfigured). The request URL's host is rewritten to the vetted numeric IP and the connection pinned to it, while the original hostname is preserved for the Host header and TLS SNI (no TOCTOU re-resolution).
Throws invalidRequest when the URL is unsafe under policy (insecure scheme for blockInternal, an internal IP-literal/resolved address, or an unresolvable host — fail CLOSED). @trusted because the vibe HTTP client API is @system.