Function create_secure_redirect_policy

pub fn create_secure_redirect_policy() -> Policy

Creates a secure redirect policy that only allows HTTP to HTTPS upgrades on the same host.

This policy prevents SSRF attacks via redirect chains while still allowing legitimate protocol upgrades (e.g., when a user configures http:// but the server redirects to https://).

Security Guarantees

• Single redirect only: Prevents redirect chains that could be used to bypass security
• Same host required: The redirect target must have the exact same host as the original request
• Protocol upgrade only: Only allows http → https, blocks all other redirects

Examples

Allowed:

• http://example.com/rpc → https://example.com/rpc
• http://example.com:8545/ → https://example.com:8545/

Blocked:

• https://example.com/ → https://other.com/ (different host)
• https://example.com/ → http://example.com/ (downgrade)
• http://a.com/ → http://b.com/ → https://b.com/ (chain)