diff options
author | Roland Shoemaker <roland@golang.org> | 2021-04-26 20:10:56 -0700 |
---|---|---|
committer | Roland Shoemaker <roland@golang.org> | 2021-05-03 17:34:10 +0000 |
commit | b5842308892e0c4f9e772a42d5826f6f62f57be3 (patch) | |
tree | 17758f68b2204ded90d2d9a21f65b0e8938fa77f /src/net | |
parent | 169155d61ede128caa8452bdff3ce9995287c138 (diff) | |
download | go-b5842308892e0c4f9e772a42d5826f6f62f57be3.tar.gz go-b5842308892e0c4f9e772a42d5826f6f62f57be3.zip |
net/http: use relative path in Location redirect
If the cleaned path did not match the requested path, ServeMux.Handler
would return a Location header which reflected the hostname in the
request, possibly leading to an incorrect redirect. Instead the
Location header should be relative, like the other cases in
ServeMux.Handler.
Change-Id: I2c220d925e708061bc128f0bdc96cca7a32764d3
Reviewed-on: https://go-review.googlesource.com/c/go/+/313950
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Diffstat (limited to 'src/net')
-rw-r--r-- | src/net/http/serve_test.go | 17 | ||||
-rw-r--r-- | src/net/http/server.go | 5 |
2 files changed, 19 insertions, 3 deletions
diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go index f8687416fe..a9714682c7 100644 --- a/src/net/http/serve_test.go +++ b/src/net/http/serve_test.go @@ -6507,3 +6507,20 @@ func TestDisableKeepAliveUpgrade(t *testing.T) { t.Fatalf("unexpected value read from body:\ngot: %q\nwant: %q", b, "hello") } } + +func TestMuxRedirectRelative(t *testing.T) { + setParallel(t) + req, err := ReadRequest(bufio.NewReader(strings.NewReader("GET http://example.com HTTP/1.1\r\nHost: test\r\n\r\n"))) + if err != nil { + t.Errorf("%s", err) + } + mux := NewServeMux() + resp := httptest.NewRecorder() + mux.ServeHTTP(resp, req) + if got, want := resp.Header().Get("Location"), "/"; got != want { + t.Errorf("Location header expected %q; got %q", want, got) + } + if got, want := resp.Code, StatusMovedPermanently; got != want { + t.Errorf("Expected response code %d; got %d", want, got) + } +} diff --git a/src/net/http/server.go b/src/net/http/server.go index e52a78e652..4e73508973 100644 --- a/src/net/http/server.go +++ b/src/net/http/server.go @@ -2404,9 +2404,8 @@ func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) { if path != r.URL.Path { _, pattern = mux.handler(host, path) - url := *r.URL - url.Path = path - return RedirectHandler(url.String(), StatusMovedPermanently), pattern + u := &url.URL{Path: path, RawQuery: r.URL.RawQuery} + return RedirectHandler(u.String(), StatusMovedPermanently), pattern } return mux.handler(host, r.URL.Path) |