fix: validate self-host route URLs consistently

2026-06-19 01:58:06 +02:00 · 2026-05-04 14:30:06 +02:00 · 2026-05-04 14:30:06 +02:00 · 1c9def2fde
commit 1c9def2fde
parent eede2f6953
8 changed files with 26 additions and 10 deletions
--- a/crates/webclaw-server/src/error.rs
+++ b/crates/webclaw-server/src/error.rs
@ -74,7 +74,16 @@ impl From<webclaw_fetch::FetchError> for ApiError {
            webclaw_fetch::FetchError::InvalidUrl(msg) => {
                Self::BadRequest(format!("invalid url: {msg}"))
            }
-            other => Self::Fetch(other.to_string()),
+            other => {
+                let msg = other.to_string();
+                if msg.contains("invalid url:")
+                    || msg.contains("blocked private or internal address")
+                {
+                    Self::BadRequest(msg)
+                } else {
+                    Self::Fetch(msg)
+                }
+            }
        }
    }
 }