From 3eab26fed10f5f756adcfd7eae23a7701db7323d Mon Sep 17 00:00:00 2001
From: Felix Rieseberg <f@anthropic.com>
Date: Sat, 11 Apr 2026 09:31:38 -0700
Subject: [PATCH] check-links: allow 403 from github user-attachments CDN

---
 tools/check-links.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/check-links.js b/tools/check-links.js
index 40cd8cb..2aaa6eb 100644
--- a/tools/check-links.js
+++ b/tools/check-links.js
@@ -15,9 +15,13 @@ async function main() {
       const response = await fetch(link, { method: 'HEAD' })
 
       if (!response.ok) {
-        // If we're inside GitHub's release asset server, we just ran into AWS not allowing
-        // HEAD requests, which is different from a 404.
-        if (!response.url.startsWith('https://github-production-release-asset')) {
+        // GitHub's release-asset and user-attachments CDNs reject anonymous HEAD
+        // requests (403), which is different from a 404.
+        const isGithubCdn =
+          response.url.startsWith('https://github-production-release-asset') ||
+          response.url.startsWith('https://github-production-user-asset') ||
+          link.startsWith('https://github.com/user-attachments/')
+        if (!isGithubCdn) {
           throw new Error (`HTTP Error Response: ${response.status} ${response.statusText}`)
         }
       }