github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-01-19 08:42:49 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fileserver: Preserve query during canonicalization redirect (#6109)

Browse Source 
* fileserver: Preserve query during canonicalization redirect

* Clarify that only a path should be passed
This commit is contained in:
Francis Lavoie 2024-03-06 00:51:26 -05:00 committed by GitHub
parent 0d44e3ecba
commit 5a4374bea0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/caddyhttp/fileserver/staticfiles.go
View File

@ -639,12 +639,18 @@ func calculateEtag(d os.FileInfo) string {
return `"` + t + s + `"`
}
func redirect(w http.ResponseWriter, r *http.Request, to string) error {
for strings.HasPrefix(to, "//") {
// redirect performs a redirect to a given path. The 'toPath' parameter
// MUST be solely a path, and MUST NOT include a query.
func redirect(w http.ResponseWriter, r *http.Request, toPath string) error {
for strings.HasPrefix(toPath, "//") {
// prevent path-based open redirects
to = strings.TrimPrefix(to, "/")
toPath = strings.TrimPrefix(toPath, "/")
}
http.Redirect(w, r, to, http.StatusPermanentRedirect)
// preserve the query string if present
if r.URL.RawQuery != "" {
toPath += "?" + r.URL.RawQuery
}
http.Redirect(w, r, toPath, http.StatusPermanentRedirect)
return nil
}