From b3668f67a056e722c9dc61941bfdee30684d79eb Mon Sep 17 00:00:00 2001 From: naskya Date: Thu, 28 Mar 2024 15:35:51 +0900 Subject: [PATCH] fix (backend): check redirect url --- packages/backend/src/misc/fetch.ts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/backend/src/misc/fetch.ts b/packages/backend/src/misc/fetch.ts index ee903a79e9..8108b13d9e 100644 --- a/packages/backend/src/misc/fetch.ts +++ b/packages/backend/src/misc/fetch.ts @@ -83,6 +83,9 @@ export async function getResponse(args: { }); if (args.redirect === "manual" && [301, 302, 307, 308].includes(res.status)) { + if (!isValidUrl(res.url)) { + throw new StatusError("Invalid URL", 400); + } return res; } @@ -94,10 +97,6 @@ export async function getResponse(args: { ); } - if (res.redirected && !isValidUrl(res.url)) { - throw new StatusError("Invalid URL", 400); - } - return res; }