From bd859b814f6479088f6f567779cb8fd63f833cb7 Mon Sep 17 00:00:00 2001
From: naskya <m@naskya.net>
Date: Sat, 30 Mar 2024 19:05:00 +0900
Subject: [PATCH] fix (backend): check redirect url

---
 packages/backend/src/misc/fetch.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/misc/fetch.ts b/packages/backend/src/misc/fetch.ts
index d94c1f9a1..aaa876373 100644
--- a/packages/backend/src/misc/fetch.ts
+++ b/packages/backend/src/misc/fetch.ts
@@ -83,6 +83,9 @@ export async function getResponse(args: {
 	});
 
 	if (args.redirect === "manual" && [301, 302, 307, 308].includes(res.status)) {
+		if (!isValidUrl(res.url)) {
+			throw new StatusError("Invalid URL", 400);
+		}
 		return res;
 	}
 
@@ -94,10 +97,6 @@ export async function getResponse(args: {
 		);
 	}
 
-	if (res.redirected && !isValidUrl(res.url)) {
-		throw new StatusError("Invalid URL", 400);
-	}
-
 	return res;
 }