Redirect loop may leak internal IP via DNS resolution
When following redirects, the code calls assertUrlIsFetchable(nextUrl) which performs a DNS lookup on the redirect target's hostname. If the redirect target is a hostname that resolves to a mix of public and private IPs, the guard correctly blocks it. However, the DNS resolution itself has already occurred, potentially leaking the internal hostname to the DNS resolver configured on the host. This is a minor information disclosure vector, but since the DNS query is made before the IP check, an attacker could use a redirect to trigger DNS lookups for internal hostnames. The severity is medium because it requires a malicious or compromised redirect target and a DNS resolver that logs or monitors queries.