]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 831af61)
net/http: preserve original path encoding in redirects
authorSean Liao <sean@liao.dev>
Sun, 16 Nov 2025 00:13:40 +0000 (00:13 +0000)
committerSean Liao <sean@liao.dev>
Fri, 21 Nov 2025 20:47:46 +0000 (12:47 -0800)
Fixes #70758

Change-Id: I9fc6fe98c194351557c6219513918b7593899bc1
Reviewed-on: https://go-review.googlesource.com/c/go/+/720821
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
src/net/http/serve_test.go patch | blob | history
src/net/http/server.go patch | blob | history

diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
index 4aa5b3a50fd36dea1479b437a90b928d50687a61..6ade5988342295f7604a3dff7d84894da2c50be7 100644 (file)
--- a/src/net/http/serve_test.go
+++ b/src/net/http/serve_test.go
@@ -2881,6 +2881,19 @@ func TestRedirectBadPath(t *testing.T) {
        }
 }
 
+func TestRedirectEscapedPath(t *testing.T) {
+       baseURL, redirectURL := "http://example.com/foo%2Fbar/", "qux%2Fbaz"
+       req := httptest.NewRequest("GET", baseURL, NoBody)
+
+       rr := httptest.NewRecorder()
+       Redirect(rr, req, redirectURL, StatusMovedPermanently)
+
+       wantURL := "/foo%2Fbar/qux%2Fbaz"
+       if got := rr.Result().Header.Get("Location"); got != wantURL {
+               t.Errorf("Redirect(%s, %s) = %s, want = %s", baseURL, redirectURL, got, wantURL)
+       }
+}
+
 // Test different URL formats and schemes
 func TestRedirect(t *testing.T) {
        req, _ := NewRequest("GET", "http://example.com/qux/", nil)
diff --git a/src/net/http/server.go b/src/net/http/server.go
index 1a7f7519908d8d858094aae90b202fac2e96c82e..26364549584c6c9adfa2adacd3dab766a3d14716 100644 (file)
--- a/src/net/http/server.go
+++ b/src/net/http/server.go
@@ -2408,7 +2408,7 @@ func Redirect(w ResponseWriter, r *Request, url string, code int) {
                // but doing it ourselves is more reliable.
                // See RFC 7231, section 7.1.2
                if u.Scheme == "" && u.Host == "" {
-                       oldpath := r.URL.Path
+                       oldpath := r.URL.EscapedPath()
                        if oldpath == "" { // should not happen, but avoid a crash if it does
                                oldpath = "/"
                        }
Go GOST TLS 1.3