pub fn create_secure_redirect_policy() -> Policy
Creates a secure redirect policy that only allows HTTP to HTTPS upgrades on the same host.
This policy prevents SSRF attacks via redirect chains while still allowing legitimate
protocol upgrades (e.g., when a user configures http:// but the server redirects to https://).
§Security Guarantees
- Single redirect only: Prevents redirect chains that could be used to bypass security
- Same host required: The redirect target must have the exact same host as the original request
- Protocol upgrade only: Only allows http→https, blocks all other redirects
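
The three guarantees above, modeled as a std-only decision function. This is an added example, not this crate's implementation: `Decision`, `split_url` and `evaluate_redirect` are hypothetical names, and the minimal URL splitting stands in for a real URL parser.

```rust
// Added illustration of the three checks; all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum Decision {
    Follow,
    Stop(&'static str),
}

/// Returns (scheme, host), both lowercased, or None if the URL is not absolute.
fn split_url(url: &str) -> Option<(String, String)> {
    let (scheme, rest) = url.split_once("://")?;
    // The authority ends at the first path, query or fragment delimiter.
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let authority = &rest[..end];
    // Drop userinfo so "https://good.example@evil.example/" resolves to evil.example.
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    // Strip the port, keeping bracketed IPv6 literals intact.
    let host = if hostport.starts_with('[') {
        &hostport[..hostport.find(']')? + 1]
    } else {
        hostport.split(':').next()?
    };
    if host.is_empty() { return None; }
    Some((scheme.to_ascii_lowercase(), host.to_ascii_lowercase()))
}

/// `previous` holds the URLs already requested, original request first.
pub fn evaluate_redirect(previous: &[&str], target: &str) -> Decision {
    // Single redirect only: the original request must be the only prior hop.
    if previous.len() != 1 {
        return Decision::Stop("redirect chain");
    }
    let (Some((from_scheme, from_host)), Some((to_scheme, to_host))) =
        (split_url(previous[0]), split_url(target)) else {
        return Decision::Stop("unparseable URL");
    };
    // Protocol upgrade only: http -> https and nothing else.
    if from_scheme != "http" || to_scheme != "https" {
        return Decision::Stop("not an http to https upgrade");
    }
    // Same host required: exact match after case folding, port ignored.
    if from_host != to_host {
        return Decision::Stop("host changed");
    }
    Decision::Follow
}

fn main() {
    println!("{:?}", evaluate_redirect(&["http://example.com/"], "https://example.com/"));
}
```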