@@ -89,6 +89,28 @@ function createUnzip() {
8989 return createUnzip ( ) ;
9090}
9191
92+ /**
93+ * Redirection status code as per section 6.4 of RFC 7231:
94+ * https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
95+ * and RFC 7238:
96+ * https://datatracker.ietf.org/doc/html/rfc7238
97+ * @param {number } statusCode
98+ * @returns {boolean }
99+ */
100+ function isRedirect ( statusCode ) {
101+ switch ( statusCode ) {
102+ case 300 : // Multiple Choices
103+ case 301 : // Moved Permanently
104+ case 302 : // Found
105+ case 303 : // See Other
106+ case 307 : // Temporary Redirect
107+ case 308 : // Permanent Redirect
108+ return true ;
109+ default :
110+ return false ;
111+ }
112+ }
113+
92114/**
93115 * @param {URL } parsed
94116 * @returns {Promise<CacheEntry> | CacheEntry }
@@ -107,9 +129,8 @@ function fetchWithRedirects(parsed) {
107129 // `finally` on network error/timeout.
108130 const { 0 : res } = await once ( req , 'response' ) ;
109131 try {
110- const isRedirect = res . statusCode >= 300 && res . statusCode <= 303 ;
111132 const hasLocation = ObjectPrototypeHasOwnProperty ( res . headers , 'location' ) ;
112- if ( isRedirect && hasLocation ) {
133+ if ( isRedirect ( res . statusCode ) && hasLocation ) {
113134 const location = new URL ( res . headers . location , parsed ) ;
114135 if ( location . protocol !== 'http:' && location . protocol !== 'https:' ) {
115136 throw new ERR_NETWORK_IMPORT_DISALLOWED (
@@ -127,7 +148,7 @@ function fetchWithRedirects(parsed) {
127148 err . message = `Cannot find module '${ parsed . href } ;
128149 throw err ;
129150 }
130- if ( res . statusCode > 303 || res . statusCode < 200 ) {
151+ if ( res . statusCode < 200 || res . statusCode >= 400 ) {
131152 throw new ERR_NETWORK_IMPORT_DISALLOWED (
132153 res . headers . location ,
133154 parsed . href ,
0 commit comments