maciej/yarr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

prevent route leak

Browse source
This commit is contained in:
hcl 2021-01-25 23:37:54 +08:00 committed by nkanaev
parent 52073e7e81
commit 1a0db29aa6
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/server.go
View file

@ -69,6 +69,10 @@ func unsafeMethod(method string) bool {
func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
reqPath := req.URL.Path reqPath := req.URL.Path
if BasePath != "" { if BasePath != "" {
if !strings.HasPrefix(reqPath, BasePath) {
rw.WriteHeader(http.StatusNotFound)
return
}
reqPath = strings.TrimPrefix(req.URL.Path, BasePath) reqPath = strings.TrimPrefix(req.URL.Path, BasePath)
if reqPath == "" { if reqPath == "" {
http.Redirect(rw, req, BasePath+"/", http.StatusFound) http.Redirect(rw, req, BasePath+"/", http.StatusFound)