address comments

superset/utils/urls.py

@@ -62,6 +62,6 @@ def is_safe_url(url: str) -> bool:
         return False
     if unicodedata.category(url[0])[0] == "C":
         return False
-    if test_url.scheme not in ("http", "https") or ref_url.netloc != test_url.netloc:
+    if test_url.scheme != ref_url.scheme or ref_url.netloc != test_url.netloc:
         return False
     return True

superset/views/datasource/views.py

@@ -89,7 +89,7 @@ def save(self) -> FlaskResponse:
                     "The submitted URL is not considered safe,"
                     " only use URLs with the same domain as Superset."
                 ),
-                status=500,
+                status=400,
             )
 
         orm_datasource = DatasourceDAO.get_datasource(

tests/integration_tests/datasource_tests.py

@@ -307,7 +307,7 @@ def test_save_default_endpoint_validation_fail(self):
         datasource_post["default_endpoint"] = "http://www.google.com"
         data = dict(data=json.dumps(datasource_post))
         resp = self.client.post("/datasource/save/", data=data)
-        assert resp.status_code == 500
+        assert resp.status_code == 400
 
     def test_save_default_endpoint_validation_unsafe(self):
         self.app.config["PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET"] = False

tests/unit_tests/utils/urls_tests.py

@@ -42,9 +42,12 @@ def test_convert_dashboard_link() -> None:
     [
         ("http://localhost/", True),
         ("http://localhost/superset/1", True),
+        ("https://localhost/", False),
+        ("https://localhost/superset/1", False),
         ("localhost/superset/1", False),
         ("ftp://localhost/superset/1", False),
         ("http://external.com", False),
+        ("https://external.com", False),
         ("external.com", False),
         ("///localhost", False),
         ("xpto://localhost:[3/1/", False),