Block redirects explicitly in fetch-url API route

Author: gary149

src/routes/api/fetch-url/+server.ts

@@ -48,12 +48,17 @@ export async function GET({ url, fetch }) {
 
 		const response = await fetch(targetUrl, {
 			signal: controller.signal,
-			redirect: "error", // Block all redirects
+			redirect: "manual",
 			headers: {
 				"User-Agent": "HuggingChat-Attachment-Fetcher/1.0",
 			},
 		}).finally(() => clearTimeout(timeoutId));
 
+		// Explicitly block redirects
+		if (response.status >= 300 && response.status < 400) {
+			throw error(400, "Redirects are not allowed");
+		}
+
 		if (!response.ok) {
 			throw error(response.status, `Failed to fetch: ${response.statusText}`);
 		}