From c05aa7a28181b64669fb9e23c5e40b162292bef2 Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Mon, 5 May 2025 09:56:28 -0400
Subject: [PATCH] softer URL preview validation: remove unsupported URLs
 instead of rejecting the whole preview

---
 packages/backend/src/server/web/UrlPreviewService.ts | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index fe03583270..0bd3eff3ba 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -231,28 +231,32 @@ export class UrlPreviewService {
 		if (summary.player.url) {
 			const playerScheme = this.utilityService.getUrlScheme(summary.player.url);
 			if (playerScheme !== 'http:' && playerScheme !== 'https:') {
-				throw new Error(`unsupported scheme in player URL: "${playerScheme}"`);
+				this.logger.warn(`Redacting preview for ${summary.url}: player URL has unsupported scheme "${playerScheme}"`);
+				summary.player.url = null;
 			}
 		}
 
 		if (summary.icon) {
 			const iconScheme = this.utilityService.getUrlScheme(summary.icon);
 			if (iconScheme !== 'http:' && iconScheme !== 'https:') {
-				throw new Error(`unsupported scheme in icon URL: "${iconScheme}"`);
+				this.logger.warn(`Redacting preview for ${summary.url}: icon URL has unsupported scheme "${iconScheme}"`);
+				summary.icon = null;
 			}
 		}
 
 		if (summary.thumbnail) {
 			const thumbnailScheme = this.utilityService.getUrlScheme(summary.thumbnail);
 			if (thumbnailScheme !== 'http:' && thumbnailScheme !== 'https:') {
-				throw new Error(`unsupported scheme in thumbnail URL: "${thumbnailScheme}"`);
+				this.logger.warn(`Redacting preview for ${summary.url}: thumbnail URL has unsupported scheme "${thumbnailScheme}"`);
+				summary.thumbnail = null;
 			}
 		}
 
 		if (summary.activityPub) {
 			const activityPubScheme = this.utilityService.getUrlScheme(summary.activityPub);
 			if (activityPubScheme !== 'http:' && activityPubScheme !== 'https:') {
-				throw new Error(`unsupported scheme in ActivityPub URL: "${activityPubScheme}"`);
+				this.logger.warn(`Redacting preview for ${summary.url}: ActivityPub URL has unsupported scheme "${activityPubScheme}"`);
+				summary.activityPub = null;
 			}
 		}
 	}