AP lookups cannot redirect
What happened?
When performing a user-initiated untrusted AP fetch (such as via the Lookup tool), cross-origin redirects are rejected.
What did you expect to happen?
Redirects should be allowed for this specific case (and only this case!) because it's necessary for compatibility with split-domain setups and objects with an alternate url. It's safe to follow redirects here as long as we ignore the input URI and exclusively trust the final redirected URI. This property is accessible via res.url, and should replace the original input URL.
Version
2024.10.0-dev
Instance
enby.life
What type of issue is this? (If this happens on your device and has to do with the user interface, it's client-side. If this happens on either with the API or the backend, or you got a server-side error in the client, it's server-side.)
backend
How do you deploy Sharkey on your server? (Server-side issues only)
Build from source
What operating system are you using? (Server-side issues only)
Ubuntu Server 22.04
Contribution Guidelines By submitting this issue, you agree to follow our Contribution Guidelines
- I agree to follow this project's Contribution Guidelines
- I have searched the issue tracker for similar issues, and this is not a duplicate.