aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFrancis Lavoie <[email protected]>2024-03-06 00:51:26 -0500
committerGitHub <[email protected]>2024-03-05 22:51:26 -0700
commit5a4374bea055c49c9c38b6a7d41e43742c137341 (patch)
treed342e3697b4222b562ca068a69c895912b5483eb
parent0d44e3ecbaa0b16894e936068785e7fe32f41b48 (diff)
downloadcaddy-5a4374bea055c49c9c38b6a7d41e43742c137341.tar.gz
caddy-5a4374bea055c49c9c38b6a7d41e43742c137341.zip
fileserver: Preserve query during canonicalization redirect (#6109)
* fileserver: Preserve query during canonicalization redirect * Clarify that only a path should be passed
-rw-r--r--modules/caddyhttp/fileserver/staticfiles.go14
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go
index 1f0b6a5e4..57d1bc851 100644
--- a/modules/caddyhttp/fileserver/staticfiles.go
+++ b/modules/caddyhttp/fileserver/staticfiles.go
@@ -639,12 +639,18 @@ func calculateEtag(d os.FileInfo) string {
return `"` + t + s + `"`
}
-func redirect(w http.ResponseWriter, r *http.Request, to string) error {
- for strings.HasPrefix(to, "//") {
+// redirect performs a redirect to a given path. The 'toPath' parameter
+// MUST be solely a path, and MUST NOT include a query.
+func redirect(w http.ResponseWriter, r *http.Request, toPath string) error {
+ for strings.HasPrefix(toPath, "//") {
// prevent path-based open redirects
- to = strings.TrimPrefix(to, "/")
+ toPath = strings.TrimPrefix(toPath, "/")
}
- http.Redirect(w, r, to, http.StatusPermanentRedirect)
+ // preserve the query string if present
+ if r.URL.RawQuery != "" {
+ toPath += "?" + r.URL.RawQuery
+ }
+ http.Redirect(w, r, toPath, http.StatusPermanentRedirect)
return nil
}