Provider-response URLs validated; transcription stream envelope added
@ai-sdk/provider-utils@5.0.9
Patch Changes
-
4be62c1: fix(provider-utils): validate provider-response URLs in
getFromApigetFromApinow has avalidateUrlflag. It is optional so existing callers keep compiling (omitting it behaves likefalse, i.e. no validation), but all AI SDK provider packages set it explicitly at every call site so each one makes a visible trust decision. Whentrue, the URL is routed throughfetchWithValidatedRedirects— the same guard used bydownloadBlob— which rejects private/loopback/link-local targets, re-validates every redirect hop, strips proxy/metadata/cookie request headers, and drops all caller headers except the user-agent on cross-origin redirects (custom API-key headers must not follow a redirect off-origin any more thanAuthorizationmay); blocked URLs throwDownloadError. It is enabled at the image/video/audio download and polling call sites where the URL comes from a provider response body; URLs built from developer-configured endpoints passvalidateUrl: falseand are unaffected.A new optional
credentialedOriginwithholds caller headers unless the URL is same-origin with it, so the API key is not sent to a response-supplied host on a different origin.A new optional
trustedOriginexempts URLs (and redirect hops) that are same-origin with the developer-configured provider endpoint from target validation, so self-hosted and localhost deployments whose response URLs point back at the configured host keep working; all other hops are still validated.Also closes range gaps in
validateDownloadUrl(IPv4224.0.0.0/4multicast and the TEST-NET documentation ranges192.0.2.0/24,198.51.100.0/24,203.0.113.0/24; IPv6 documentation ranges2001:db8::/32and3fff::/20), and follows only the fetch-spec redirect status codes (301/302/303/307/308) — aLocationheader on any other status is not followed. This guard performs string/literal checks only and does not resolve DNS; hostnames that resolve to private addresses and DNS rebinding remain out of scope and must be constrained at the network layer (or by injecting a Nodefetchthat pins the resolved IP at connect time) for server deployments handling untrusted URLs. Seecontributing/secure-url-handling.md. -
7805e4a: Add experimental transcription-stream WebSocket envelope (standard doStream-over-WebSocket serialization): frame type constants,
experimental_parseTranscriptionStreamClientFrame,experimental_serializeTranscriptionStreamPart, andexperimental_parseTranscriptionStreamPart(all APIs are exported with experimental prefixes).serializeTranscriptionStreamPartreturnsundefinedfor payloads that are not JSON-serializable (callers drop the frame) and serializes cross-realmErrorpayloads by brand check. -
cd12954: Reject empty OpenAI, Anthropic, and Replicate base URLs with a helpful AI SDK invalid argument error.
Fetched July 13, 2026

