fix(slack): ignore malformed media redirects · openclaw/openclaw@d41907a
vincentkoc
·
2026-05-14
·
via Recent Commits to openclaw:main
File tree
extensions/slack/src/monitor
| Original file line number | Diff line number | Diff line change |
|---|
@@ -19,6 +19,7 @@ Docs: https://docs.openclaw.ai
|
19 | 19 | - Media fetch: skip allocating and buffering the response body for bodyless media responses (HEAD probes and 204-style empty bodies), avoiding wasted heap on streams that carry no payload. Thanks @shakkernerd. |
20 | 20 | - CLI/onboarding: forward provider-specific auth flags (e.g. `--openai-api-key`) through the onboarding wizard so they reach provider auth methods via `ctx.opts`, letting `--openai-api-key "$OPENAI_API_KEY"` skip the redundant "use existing env var?" prompt in non-interactive harnesses. (#81669) Thanks @sjf. |
21 | 21 | - CLI/migrate: drop trailing periods from Codex migrate item messages and `REASON_CODE_MESSAGES` strings so plan/result rows read as labels instead of sentence fragments. (#81705) Thanks @sjf. |
| 22 | +- Slack: treat malformed private-file redirect `Location` headers as unfollowable redirects instead of failing Slack media downloads. |
22 | 23 | - Matrix: ignore malformed percent-encoding in optional location URI parameters instead of letting a bad `geo:` event abort inbound message handling. |
23 | 24 | - Plugins: discover provider plugins from `setup.providers[].envVars` credentials during provider discovery while keeping the deprecated `providerAuthEnvVars` fallback. (#81542) Thanks @JARVIS-Glasses. |
24 | 25 | - Docs/Codex harness: clarify that per-agent `CODEX_HOME` isolates `~/.codex` while inherited `HOME` intentionally keeps `.agents` discovery and subprocess user-home state available. |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -359,6 +359,20 @@ describe("fetchWithSlackAuth", () => {
|
359 | 359 | expect(mockFetch).toHaveBeenCalledTimes(1); |
360 | 360 | }); |
361 | 361 | |
| 362 | +it("returns redirect response when location header is malformed", async () => { |
| 363 | +const redirectResponse = new Response(null, { |
| 364 | +status: 302, |
| 365 | +headers: { location: "http://[::1" }, |
| 366 | +}); |
| 367 | + |
| 368 | +mockFetch.mockResolvedValueOnce(redirectResponse); |
| 369 | + |
| 370 | +const result = await fetchWithSlackAuth("https://files.slack.com/test.jpg", "xoxb-test-token"); |
| 371 | + |
| 372 | +expect(result).toBe(redirectResponse); |
| 373 | +expect(mockFetch).toHaveBeenCalledTimes(1); |
| 374 | +}); |
| 375 | + |
362 | 376 | it("returns 4xx/5xx responses directly without following", async () => { |
363 | 377 | const errorResponse = new Response("Not Found", { |
364 | 378 | status: 404, |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -122,7 +122,12 @@ export async function fetchWithSlackAuth(url: string, token: string): Promise<Re
|
122 | 122 | return initialRes; |
123 | 123 | } |
124 | 124 | |
125 | | -const resolvedUrl = new URL(redirectUrl, parsed.href); |
| 125 | +let resolvedUrl: URL; |
| 126 | +try { |
| 127 | +resolvedUrl = new URL(redirectUrl, parsed.href); |
| 128 | +} catch { |
| 129 | +return initialRes; |
| 130 | +} |
126 | 131 | if (resolvedUrl.protocol !== "https:") { |
127 | 132 | return initialRes; |
128 | 133 | } |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。