james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-05-24 00:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

prevent route leak

Browse Source
This commit is contained in:
hcl 2021-01-25 23:37:54 +08:00 committed by nkanaev
parent 52073e7e81
commit 1a0db29aa6
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/server.go
View File

@ -69,6 +69,10 @@ func unsafeMethod(method string) bool {
func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
reqPath := req.URL.Path reqPath := req.URL.Path
if BasePath != "" { if BasePath != "" {
if !strings.HasPrefix(reqPath, BasePath) {
rw.WriteHeader(http.StatusNotFound)
return
}
reqPath = strings.TrimPrefix(req.URL.Path, BasePath) reqPath = strings.TrimPrefix(req.URL.Path, BasePath)
if reqPath == "" { if reqPath == "" {
http.Redirect(rw, req, BasePath+"/", http.StatusFound) http.Redirect(rw, req, BasePath+"/", http.StatusFound)