james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-10-30 06:31:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

prevent route leak

Browse Source
This commit is contained in:
hcl
2021-01-25 23:37:54 +08:00
committed by nkanaev
parent 52073e7e81
commit 1a0db29aa6
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/server.go
View File

@@ -69,6 +69,10 @@ func unsafeMethod(method string) bool {
func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
reqPath := req.URL.Path reqPath := req.URL.Path
if BasePath != "" { if BasePath != "" {
if !strings.HasPrefix(reqPath, BasePath) {
rw.WriteHeader(http.StatusNotFound)
return
}
reqPath = strings.TrimPrefix(req.URL.Path, BasePath) reqPath = strings.TrimPrefix(req.URL.Path, BasePath)
if reqPath == "" { if reqPath == "" {
http.Redirect(rw, req, BasePath+"/", http.StatusFound) http.Redirect(rw, req, BasePath+"/", http.StatusFound)