From: Roland Shoemaker Date: Tue, 27 Apr 2021 03:10:56 +0000 (-0700) Subject: net/http: use relative path in Location redirect X-Git-Tag: go1.17beta1~286 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b5842308892e0c4f9e772a42d5826f6f62f57be3;p=gostls13.git net/http: use relative path in Location redirect If the cleaned path did not match the requested path, ServeMux.Handler would return a Location header which reflected the hostname in the request, possibly leading to an incorrect redirect. Instead the Location header should be relative, like the other cases in ServeMux.Handler. Change-Id: I2c220d925e708061bc128f0bdc96cca7a32764d3 Reviewed-on: https://go-review.googlesource.com/c/go/+/313950 Trust: Roland Shoemaker Trust: Katie Hockman Run-TryBot: Roland Shoemaker TryBot-Result: Go Bot Reviewed-by: Katie Hockman --- diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go index f8687416fe..a9714682c7 100644 --- a/src/net/http/serve_test.go +++ b/src/net/http/serve_test.go @@ -6507,3 +6507,20 @@ func TestDisableKeepAliveUpgrade(t *testing.T) { t.Fatalf("unexpected value read from body:\ngot: %q\nwant: %q", b, "hello") } } + +func TestMuxRedirectRelative(t *testing.T) { + setParallel(t) + req, err := ReadRequest(bufio.NewReader(strings.NewReader("GET http://example.com HTTP/1.1\r\nHost: test\r\n\r\n"))) + if err != nil { + t.Errorf("%s", err) + } + mux := NewServeMux() + resp := httptest.NewRecorder() + mux.ServeHTTP(resp, req) + if got, want := resp.Header().Get("Location"), "/"; got != want { + t.Errorf("Location header expected %q; got %q", want, got) + } + if got, want := resp.Code, StatusMovedPermanently; got != want { + t.Errorf("Expected response code %d; got %d", want, got) + } +} diff --git a/src/net/http/server.go b/src/net/http/server.go index e52a78e652..4e73508973 100644 --- a/src/net/http/server.go +++ b/src/net/http/server.go @@ -2404,9 +2404,8 @@ func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) { if path != r.URL.Path { _, pattern = mux.handler(host, path) - url := *r.URL - url.Path = path - return RedirectHandler(url.String(), StatusMovedPermanently), pattern + u := &url.URL{Path: path, RawQuery: r.URL.RawQuery} + return RedirectHandler(u.String(), StatusMovedPermanently), pattern } return mux.handler(host, r.URL.Path)