#39

backend/app/controllers/preview_controller.rb

@@ -6,6 +6,10 @@ class PreviewController < ApplicationController
     url = params[:url]
     return head :bad_request unless url.present?
 
+    unless url.start_with?(/http(s)?:\/\//)
+      url = 'http://' + url
+    end
+
     html = URI.open(url, open_timeout: 5, read_timeout: 5).read
     doc = Nokogiri::HTML.parse(html)
     title = doc.at('title')&.text&.strip
@@ -17,11 +21,16 @@ class PreviewController < ApplicationController
 
   def thumbnail
     # TODO: 既知ドメインであれば指定のアドレスからサムネールを取得するやぅにする．
+
     return head :unauthorized unless current_user
 
     url = params[:url]
     return head :bad_request if url.blank?
 
+    unless url.start_with?(/http(s)?:\/\//)
+      url = 'http://' + url
+    end
+
     path = Rails.root.join('tmp', "thumb_#{ SecureRandom.hex }.png")
     system("node #{ Rails.root }/lib/screenshot.js #{ Shellwords.escape(url) } #{ path }")