🐛 Bug Report — fetch not checking if resolved redirect URL is http(s)

[jasnell]

Reproduction:

export default {
  async fetch(req, env) {
    if (req.url.endsWith('/sub')) {
      return new Response("Hello World\n", {
        status: 302, headers: {
          location: 'file://what/is/the/url'
        }
      });
    } else {
      const resp = await fetch('http://localhost:8080/sub', { redirect: 'follow'});
      console.log(resp.status);
      console.log(resp.url);
      return new Response("ok");
    }
  }
};

Expected result:

A useful error or proper network error response as defined by the spec

Actual result:

The runtime throws an "internal error" due to a triggered assert in kj/compat/http.c++

What's the issue:

In the initial request, the runtime will validate that the request URL is http:// or https://, with additional special handling around ws:// and wss:// URLs. When a redirect response is processed and we generate a new request URL from the location header, we are not applying the same checks so we end up passing a non-http URL down to the kj http client, which fails with an assertion. We need to be properly validating the redirect url.

[jasnell]

Hmm... interesting... further testing is showing this case being handled correctly in some instances. I've seen the assertion in some cases (like the repro above) but not others (which end up returning a proper 404 not found)... weird. Will keep investigating.