- Disable aiohttp auto-redirects and re-validate every Location target
against the same allowlist used for the initial URL, closing an SSRF
vector where an allowed host could redirect to an arbitrary internal
endpoint.
- Accept subdomains of allowlisted hosts so Hugging Face's LFS CDN
(cdn-lfs.huggingface.co et al.) keeps working under the stricter
redirect handling.
- Pass an explicit ClientTimeout (connect/sock_read) so hung remotes
surface as errors instead of blocking the request handler forever.
- Log the exception value alongside the traceback on the 500 fallback.
- Add positive coverage for normalize_model_relative_path, Civitai URL
allowlisting, and the redirect-following / SSRF-rejection branches of
open_model_download_response.
Co-authored-by: Cursor <cursoragent@cursor.com>
