fix(ai/core): skip SSRF validation for data: URLs in downloadAssets#13188
Open
jgarrison929 wants to merge 1 commit intovercel:mainfrom
Open
fix(ai/core): skip SSRF validation for data: URLs in downloadAssets#13188jgarrison929 wants to merge 1 commit intovercel:mainfrom
jgarrison929 wants to merge 1 commit intovercel:mainfrom
Conversation
data: URLs are inline content, not remote resources, but downloadAssets() was converting them to URL objects and sending them through the download pipeline where validateDownloadUrl() rejects non-HTTP(S) protocols. Filter out data: URLs before the download step. They are already handled correctly by convertToLanguageModelV4DataContent() which extracts the base64 payload and media type. Adds a test verifying data: URLs are not downloaded and are correctly decoded. Fixes vercel#13103
tigent
bot
added
ai/core
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The SSRF protection added in
@ai-sdk/provider-utils@4.0.19rejectsdata:URLs duringdownloadAssets(), breaking inline file attachments (images, PDFs) sent as base64 data URLs.The flow:
downloadAssets()converts string data to URL objects vianew URL(data)—data:URLs are valid URLsinstanceof URLfilter passes them through to the download pipelinevalidateDownloadUrl()rejectsdata:protocol (only allowshttp:/https:)AI_DownloadError: URL scheme must be http or https, got data:Fix
Add
&& part.data.protocol !== 'data:'to the filter indownloadAssets()sodata:URLs are excluded from the download queue.This is safe because
convertToLanguageModelV4DataContent()indata-content.tsalready handlesdata:URLs correctly — it extracts the base64 payload and media type at line 53.Changes
packages/ai/src/prompt/convert-to-language-model-prompt.ts— one filter condition addedpackages/ai/src/prompt/convert-to-language-model-prompt.test.ts— test verifyingdata:URLs are not downloaded and are correctly decodedFixes #13103