Summary
src/tools/http_request.rs and src/tools/web.rs already validate redirect chains for SSRF protection.
src/tools/screenshot.rs still follows redirects without equivalent hop-by-hop validation, which can allow SSRF via intermediate redirects to internal/private addresses.
Problem
A URL that appears safe at first request can redirect to:
- localhost / loopback
- private RFC1918 ranges
- link-local or metadata endpoints
- non-http(s) schemes
Without per-hop checks, the screenshot tool may navigate to blocked destinations.
Scope
Apply the same redirect-chain SSRF hardening used by HTTP/web tools to screenshot capture:
- Validate every redirect target before following.
- Enforce redirect limit.
- Validate final destination URL.
- Keep DNS/private-network checks consistent with existing tooling.
Acceptance Criteria
- Screenshot preflight rejects redirect hops to blocked/private/local targets.
- Screenshot preflight rejects non-http(s) redirect targets.
- Redirect-loop or excessive hop chains fail with a clear error.
- Unit tests cover redirect-target validation and regression cases.
Notes
This is a parity/security consistency fix with existing SSRF protections in:
src/tools/http_request.rssrc/tools/web.rs
Summary
src/tools/http_request.rsandsrc/tools/web.rsalready validate redirect chains for SSRF protection.src/tools/screenshot.rsstill follows redirects without equivalent hop-by-hop validation, which can allow SSRF via intermediate redirects to internal/private addresses.Problem
A URL that appears safe at first request can redirect to:
Without per-hop checks, the screenshot tool may navigate to blocked destinations.
Scope
Apply the same redirect-chain SSRF hardening used by HTTP/web tools to screenshot capture:
Acceptance Criteria
Notes
This is a parity/security consistency fix with existing SSRF protections in:
src/tools/http_request.rssrc/tools/web.rs