diff options
author | Francis Lavoie <[email protected]> | 2024-03-06 00:51:26 -0500 |
---|---|---|
committer | GitHub <[email protected]> | 2024-03-05 22:51:26 -0700 |
commit | 5a4374bea055c49c9c38b6a7d41e43742c137341 (patch) | |
tree | d342e3697b4222b562ca068a69c895912b5483eb | |
parent | 0d44e3ecbaa0b16894e936068785e7fe32f41b48 (diff) | |
download | caddy-5a4374bea055c49c9c38b6a7d41e43742c137341.tar.gz caddy-5a4374bea055c49c9c38b6a7d41e43742c137341.zip |
fileserver: Preserve query during canonicalization redirect (#6109)
* fileserver: Preserve query during canonicalization redirect
* Clarify that only a path should be passed
-rw-r--r-- | modules/caddyhttp/fileserver/staticfiles.go | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 1f0b6a5e4..57d1bc851 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -639,12 +639,18 @@ func calculateEtag(d os.FileInfo) string { return `"` + t + s + `"` } -func redirect(w http.ResponseWriter, r *http.Request, to string) error { - for strings.HasPrefix(to, "//") { +// redirect performs a redirect to a given path. The 'toPath' parameter +// MUST be solely a path, and MUST NOT include a query. +func redirect(w http.ResponseWriter, r *http.Request, toPath string) error { + for strings.HasPrefix(toPath, "//") { // prevent path-based open redirects - to = strings.TrimPrefix(to, "/") + toPath = strings.TrimPrefix(toPath, "/") } - http.Redirect(w, r, to, http.StatusPermanentRedirect) + // preserve the query string if present + if r.URL.RawQuery != "" { + toPath += "?" + r.URL.RawQuery + } + http.Redirect(w, r, toPath, http.StatusPermanentRedirect) return nil } |