From 1b08d12bf1c029c5ddf83c9247f3feb0e5bf195b Mon Sep 17 00:00:00 2001 From: miteruzo Date: Thu, 17 Jul 2025 06:02:10 +0900 Subject: [PATCH] #39 --- backend/app/controllers/preview_controller.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/backend/app/controllers/preview_controller.rb b/backend/app/controllers/preview_controller.rb index f823228..0590891 100644 --- a/backend/app/controllers/preview_controller.rb +++ b/backend/app/controllers/preview_controller.rb @@ -6,6 +6,10 @@ class PreviewController < ApplicationController url = params[:url] return head :bad_request unless url.present? + unless url.start_with?(/http(s)?:\/\//) + url = 'http://' + url + end + html = URI.open(url, open_timeout: 5, read_timeout: 5).read doc = Nokogiri::HTML.parse(html) title = doc.at('title')&.text&.strip @@ -17,11 +21,16 @@ class PreviewController < ApplicationController def thumbnail # TODO: 既知ドメインであれば指定のアドレスからサムネールを取得するやぅにする. + return head :unauthorized unless current_user url = params[:url] return head :bad_request if url.blank? + unless url.start_with?(/http(s)?:\/\//) + url = 'http://' + url + end + path = Rails.root.join('tmp', "thumb_#{ SecureRandom.hex }.png") system("node #{ Rails.root }/lib/screenshot.js #{ Shellwords.escape(url) } #{ path }")
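Review bot: In the first hunk the normalised `url` is passed straight to `URI.open` with no check on its destination, so the endpoint will fetch any host the caller names, including loopback, private-range and link-local addresses (server-side request forgery); prefixing `http://` only fixes the scheme. I would parse it first with `uri = URI.parse(url)`, treat `URI::InvalidURIError` as a bad request, and add `return head :bad_request unless uri.is_a?(URI::HTTP) && uri.host.present?`, which also covers HTTPS and replaces the case-sensitive `start_with?` regex. After that, resolve the host and refuse non-public addresses, and either pass `redirect: false` or re-check every hop, since open-uri follows redirects by default. The second hunk repeats the same normalisation before handing the URL to `lib/screenshot.js`, so a shared private helper would give both actions the same checks. The `title` action begins and ends outside the hunk, so I cannot see whether it has a `current_user` guard like the one in `thumbnail`.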