Merge 5ea1f87e8838da6ff3d02435f979778342fe1af4 into 8763f33c65f7df8be5b9fe7504ab7fcf20abb41d

context.go

@@ -1137,7 +1137,14 @@ func (c *Context) String(code int, format string, values ...any) {
 }
 
 // Redirect returns an HTTP redirect to the specific location.
+// When the 'location' parameter is empty, it poses a potential security risk.
+// Avoid bringing potential security risks into the production environment.
 func (c *Context) Redirect(code int, location string) {
+	if location == "" {
+		debugPrint(`[WARNING] When the 'location' parameter is empty, it poses a potential security risk. Please input a secure redirection URL to ensure safe operation.`)
+	}
+
+
 	c.Render(-1, render.Redirect{
 		Code:     code,
 		Location: location,

context_test.go

@@ -1419,6 +1419,7 @@ func TestContextRenderRedirectAll(t *testing.T) {
 	assert.Panics(t, func() { c.Redirect(309, "/resource") })
 	assert.NotPanics(t, func() { c.Redirect(http.StatusMultipleChoices, "/resource") })
 	assert.NotPanics(t, func() { c.Redirect(http.StatusPermanentRedirect, "/resource") })
+	assert.NotPanics(t, func() { c.Redirect(http.StatusTemporaryRedirect, "")})
 }
 
 func TestContextNegotiationWithJSON(t *testing.T) {

docs/doc.md

@@ -1548,6 +1548,8 @@ Gin allow by default use only one html.Template. Check [a multitemplate render](
 
 Issuing a HTTP redirect is easy. Both internal and external locations are supported.
 
+Note: When the location is empty, there is a security risk. Please do not bring it to production
+
 ```go
 r.GET("/test", func(c *gin.Context) {
   c.Redirect(http.StatusMovedPermanently, "http://www.google.com/")