Closed
Description
Is your feature request related to a problem? Please describe.
I think that less experienced developers are unaware of how Axios behaves in terms of prioritizing absolute URLs over the BaseURL attribute configuration.
This situation could generate SSRF type vulnerabilities in use cases such as:
```js
const axios = require('axios');
axios.defaults.baseURL = 'http://mysite.com'; // baseURL (camel case) is the key axios reads
const path = req.query.path;                  // attacker-controlled value
axios.get(path);                              // an absolute URL here is used as-is, ignoring baseURL
```
A malicious user could enter path values like 'http://evil.com/' (absolute URL) and direct the request to a different site.
Describe the solution you'd like
While it is possible to validate that user input does not contain absolute URLs, I find it safer to have a configuration attribute that allows or denies absolute URLs. Example:
allowAbsoluteURL = false/true
The value true would reflect normal Axios behavior.
The value false generates an exception in requests when each of the following conditions are met:
- The restclient methods receive an absolute URL as a parameter.
- The value of BaseURL config was explicitly declared in the restclient configuration.
- The BaseURL value is not a prefix to the absolute URL received as a parameter.
Describe alternatives you've considered
No response
Additional context/Screenshots
No response