Skip to content

fix(install): cap redirects in fetchRawText to prevent loops#73

Merged
derek-palmer merged 1 commit into
mainfrom
fix/cap-redirects
May 29, 2026
Merged

fix(install): cap redirects in fetchRawText to prevent loops#73
derek-palmer merged 1 commit into
mainfrom
fix/cap-redirects

Conversation

@derek-palmer
Copy link
Copy Markdown
Owner

@derek-palmer derek-palmer commented May 29, 2026

Summary

fetchRawText followed 301/302 redirects via unbounded recursion — a redirect cycle caused infinite recursion and request fan-out. Now caps the chain at 5 hops and resolves null (the existing fetch-failure contract) when the budget runs out or Location is missing.

Tests

Added 3 node --test cases in tests/install.test.js:

  • 301→self loop resolves null (no overflow)
  • finite 3-hop chain within cap returns body
  • 302 with no Location resolves null

Full suite: 11/11 green.

Closes #69

🤖 Generated with Claude Code

@derek-palmer
fix(install): cap redirects in fetchRawText to prevent loops
2942ad4 
fetchRawText followed 301/302 redirects by recursing with no depth
limit, so a redirect cycle caused unbounded recursion and request
fan-out before any failure surfaced. Cap the chain at 5 hops and
resolve null (the existing fetch-failure contract) when the budget is
exhausted or a Location header is absent.

Closes #69
@derek-palmer derek-palmer merged commit 72b8673 into main May 29, 2026
10 checks passed
@derek-palmer derek-palmer deleted the fix/cap-redirects branch May 29, 2026 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cap redirects in bin/install.js fetchRawText to prevent loop

1 participant

@derek-palmer