Use strict protocol check when redirect (#29642)

2025-09-02 22:07:05 +09:00 · 2024-03-07 10:03:41 +08:00
parent 9730d3a9af
commit c72e1a7abb
2 changed files with 48 additions and 1 deletions
--- a/services/context/base.go
+++ b/services/context/base.go
@ -256,7 +256,7 @@ func (b *Base) Redirect(location string, status ...int) {
 		code = status[0]
 	}

-	if strings.Contains(location, "://") || strings.HasPrefix(location, "//") {
+	if strings.HasPrefix(location, "http://") || strings.HasPrefix(location, "https://") || strings.HasPrefix(location, "//") {
 		// Some browsers (Safari) have buggy behavior for Cookie + Cache + External Redirection, eg: /my-path => https://other/path
 		// 1. the first request to "/my-path" contains cookie
 		// 2. some time later, the request to "/my-path" doesn't contain cookie (caused by Prevent web tracking)