Infrastructure/caddy
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-02-03 23:09:57 -05:00
Code Issues Activity

fileserver: Preserve query during canonicalization redirect (#6109)

Browse source 
* fileserver: Preserve query during canonicalization redirect

* Clarify that only a path should be passed
This commit is contained in:
Francis Lavoie 2024-03-06 00:51:26 -05:00 committed by GitHub
parent 0d44e3ecba
commit 5a4374bea0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
modules/caddyhttp/fileserver/staticfiles.go
View file

@ -639,12 +639,18 @@ func calculateEtag(d os.FileInfo) string {
return `"` + t + s + `"` return `"` + t + s + `"`
} }
func redirect(w http.ResponseWriter, r *http.Request, to string) error { // redirect performs a redirect to a given path. The 'toPath' parameter
for strings.HasPrefix(to, "//") { // MUST be solely a path, and MUST NOT include a query.
func redirect(w http.ResponseWriter, r *http.Request, toPath string) error {
for strings.HasPrefix(toPath, "//") {
// prevent path-based open redirects // prevent path-based open redirects
to = strings.TrimPrefix(to, "/") toPath = strings.TrimPrefix(toPath, "/")
} }
http.Redirect(w, r, to, http.StatusPermanentRedirect) // preserve the query string if present
if r.URL.RawQuery != "" {
toPath += "?" + r.URL.RawQuery
}
http.Redirect(w, r, toPath, http.StatusPermanentRedirect)
return nil return nil
} }