Use strict protocol check when redirect (#29642) (#29644)

Backport #29642 by wxiaoguang Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-07 11:53:33 +08:00 · 2024-03-07 11:53:33 +08:00 · 0b5a4e7db4
commit 0b5a4e7db4
parent b6a2b9594a
2 changed files with 40 additions and 1 deletions
--- a/modules/context/base.go
+++ b/modules/context/base.go
@ -255,7 +255,7 @@ func (b *Base) Redirect(location string, status ...int) {
 		code = status[0]
 	}

-	if strings.Contains(location, "://") || strings.HasPrefix(location, "//") {
+	if strings.HasPrefix(location, "http://") || strings.HasPrefix(location, "https://") || strings.HasPrefix(location, "//") {
 		// Some browsers (Safari) have buggy behavior for Cookie + Cache + External Redirection, eg: /my-path => https://other/path
 		// 1. the first request to "/my-path" contains cookie
 		// 2. some time later, the request to "/my-path" doesn't contain cookie (caused by Prevent web tracking)