companion: enable protection when fetching file size + log info about blocked redirect (#2332)

* companion: enable protection when fetching file size

this has no critical implications, but it's better to have consistent behaviour

* companion: log message when redirect is blocked

packages/@uppy/companion/src/server/controllers/url.js

@@ -51,7 +51,7 @@ const get = (req, res) => {
     return res.status(400).json({ error: 'Invalid request body' })
   }
 
-  utils.getURLMeta(req.body.url)
+  utils.getURLMeta(req.body.url, !debug)
     .then(({ size }) => {
       // @ts-ignore
       logger.debug('Instantiating uploader.', null, req.id)

packages/@uppy/companion/src/server/helpers/request.js

@@ -3,6 +3,7 @@ const https = require('https')
 const { URL } = require('url')
 const dns = require('dns')
 const ipAddress = require('ip-address')
+const logger = require('../logger')
 const FORBIDDEN_IP_ADDRESS = 'Forbidden IP address'
 
 function isIPAddress (address) {
@@ -84,11 +85,13 @@ module.exports.getRedirectEvaluator = (requestURL, blockPrivateIPs) => {
     }
 
     const redirectURL = res.headers.location
-    if (!redirectURL) {
-      return false
+    const shouldRedirect = redirectURL ? new URL(redirectURL).protocol === protocol : false
+    if (!shouldRedirect) {
+      logger.info(
+        `blocking redirect from ${requestURL} to ${redirectURL}`, 'redirect.protection')
     }
 
-    return new URL(redirectURL).protocol === protocol
+    return shouldRedirect
   }
 }