fix(webhook-test): Hide exception details from webhook test response

[matthewelwell]

Changes

This PR addresses 2 things:

1. Validate URLs when creating or testing webhooks to validate for SSRF attacks.
2. Previously the response from the API returned the raw python exception to the client on a failed webhook test. This exposed unnecessary detail to the client.

Note: I think there are FE improvements that can be made here, but it opens a bit of a can of worms regarding standardising error messages and FE rendering of them.

How did you test this code?

1. Manually ran a test against a URL that failed and verified that the returned information was as expected.
2. Added and updated existing unit tests to verify the SSRF validation behaviour, and error responses

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs	Ignored	Preview	May 20, 2026 3:39pm
flagsmith-frontend-preview	Ignored	Preview	May 20, 2026 3:39pm
flagsmith-frontend-staging	Ignored	Preview	May 20, 2026 3:39pm

[github-actions]

Docker builds report

Image	Build Status	Security report
ghcr.io/flagsmith/flagsmith-e2e:pr-7550	Finished ✅	Skipped
ghcr.io/flagsmith/flagsmith-frontend:pr-7550	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith:pr-7550	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith-api:pr-7550	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith-api-test:pr-7550	Finished ✅	Skipped
ghcr.io/flagsmith/flagsmith-private-cloud:pr-7550	Finished ✅	Results ✅

[github-actions]

Playwright Test Results (oss - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 39 seconds
 c77dde9
 🔄 Run: #16854 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 36.5 seconds
 c77dde9
 🔄 Run: #16854 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

 3 passed

Details

 3 tests across 3 suites
 51.8 seconds
 c77dde9
 🔄 Run: #16854 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

 3 passed

Details

 3 tests across 3 suites
 41.6 seconds
 c77dde9
 🔄 Run: #16854 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 38.4 seconds
 fa80188
 🔄 Run: #16855 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 38.8 seconds
 fa80188
 🔄 Run: #16855 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 39.1 seconds
 fa80188
 🔄 Run: #16855 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 56.6 seconds
 fa80188
 🔄 Run: #16855 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 38.5 seconds
 0a05e84
 🔄 Run: #16862 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

 19 passed

Details

 19 tests across 15 suites
 1 minute, 9 seconds
 0a05e84
 🔄 Run: #16862 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 39.5 seconds
 0a05e84
 🔄 Run: #16862 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

 3 passed

Details

 3 tests across 3 suites
 50.1 seconds
 0a05e84
 🔄 Run: #16862 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 43 seconds
 d31d339
 🔄 Run: #16868 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 35.5 seconds
 d31d339
 🔄 Run: #16868 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

 2 passed

Details

 2 tests across 2 suites
 55.3 seconds
 d31d339
 🔄 Run: #16868 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 35.3 seconds
 d31d339
 🔄 Run: #16868 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-16)

 1 passed

Details

 1 test across 1 suite
 38 seconds
 36a5868
 🔄 Run: #16869 (attempt 1)

Playwright Test Results (oss - depot-ubuntu-latest-arm-16)

 1 passed

Details

 1 test across 1 suite
 41.5 seconds
 36a5868
 🔄 Run: #16869 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-arm-16)

 19 passed

Details

 19 tests across 15 suites
 1 minute, 10 seconds
 36a5868
 🔄 Run: #16869 (attempt 1)

Playwright Test Results (private-cloud - depot-ubuntu-latest-16)

 3 passed

Details

 3 tests across 3 suites
 53.9 seconds
 36a5868
 🔄 Run: #16869 (attempt 1)

[github-actions]

Visual Regression

19 screenshots compared. See report for details.
View full report

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.48%. Comparing base (24f4d1a) to head (36a5868).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff            @@
##             main    #7550    +/-   ##
========================================
  Coverage   98.47%   98.48%            
========================================
  Files        1400     1404     +4     
  Lines       53034    53360   +326     
========================================
+ Hits        52224    52550   +326     
  Misses        810      810            

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.