fix: allow upgrading HTTP to HTTPS for redirects

Re: #3142 and #3658

When adding certain podcasts, the server encountered a redirect from an HTTP URL to an HTTPS domain, causing an error that was difficult for end users to diagnose without inspecting logs or HTML.

This issue arose due to SSRF security measures that blocked such redirects. Instead of failing in these cases, we now detect when the error is caused by an HTTP-to-HTTPS upgrade. If confirmed, we upgrade the initial URL to HTTPS and resend the request.

Since this change does not allow cross-protocol or cross-domain redirections, it remains secure while resolving most of the reported issues.

Affected podcasts that are now fixed:

- D&D is for Nerds
- The New Yorker: The Writer's Voice - New Fiction from The New Yorker
- Radiolab

server/utils/podcastUtils.js

@@ -343,6 +343,14 @@ module.exports.getPodcastFeed = (feedUrl, excludeEpisodeMetadata = false) => {
       return payload.podcast
     })
     .catch((error) => {
+      // Check for failures due to redirecting from http to https. If original url was http, upgrade to https and try again
+      if (error.code === 'ERR_FR_REDIRECTION_FAILURE' && error.cause.code === 'ERR_INVALID_PROTOCOL') {
+        if (feedUrl.startsWith('http://') && error.request._options.protocol === 'https:') {
+          Logger.info('Redirection from http to https detected. Upgrading Request', error.request._options.href)
+          feedUrl = feedUrl.replace('http://', 'https://')
+          return this.getPodcastFeed(feedUrl, excludeEpisodeMetadata)
+        }
+      }
       Logger.error('[podcastUtils] getPodcastFeed Error', error)
       return null
     })