Web env vars
Overrides for the senkani_web SSRF guard. Only touch these if you know what you're doing.
SSRF guard bypass
SENKANI_WEB_ALLOW_PRIVATE=on — default off. Normally, senkani_web blocks any address in private/link-local/CGNAT/multicast ranges (including IPv4-mapped IPv6 and octal/hex IPv4). Redirects are re-validated. Subresources (img/script/xhr/etc.) to the same ranges are blocked via WKContentRuleList. Setting this env var to on lifts the private-range block — use only for internal doc servers on a trusted network.
This is not a "make it work" switch. Cloud metadata endpoints (169.254.169.254, fd00:ec2::254) are accessible from your machine if this is on. Senkani's SSRF guard exists specifically to keep those endpoints unreachable from LLM-controlled HTTP requests. Bypass at your own risk.
Scheme scope
file:// is never accepted by senkani_web. Use senkani_read for local files.