Merge 5ea1f87e8838da6ff3d02435f979778342fe1af4 into 077a2f39c85700ba0823f85ed29cec0c8f2cbdfc

context.go

@@ -1171,7 +1171,14 @@ func (c *Context) String(code int, format string, values ...any) {
 }
 
 // Redirect returns an HTTP redirect to the specific location.
+// When the 'location' parameter is empty, it poses a potential security risk.
+// Avoid bringing potential security risks into the production environment.
 func (c *Context) Redirect(code int, location string) {
+	if location == "" {
+		debugPrint(`[WARNING] When the 'location' parameter is empty, it poses a potential security risk. Please input a secure redirection URL to ensure safe operation.`)
+	}
+
+
 	c.Render(-1, render.Redirect{
 		Code:     code,
 		Location: location,

context_test.go

@@ -1535,6 +1535,7 @@ func TestContextRenderRedirectAll(t *testing.T) {
 	assert.Panics(t, func() { c.Redirect(309, "/resource") })
 	assert.NotPanics(t, func() { c.Redirect(http.StatusMultipleChoices, "/resource") })
 	assert.NotPanics(t, func() { c.Redirect(http.StatusPermanentRedirect, "/resource") })
+	assert.NotPanics(t, func() { c.Redirect(http.StatusTemporaryRedirect, "")})
 }
 
 func TestContextNegotiationWithJSON(t *testing.T) {

docs/doc.md

@@ -1555,6 +1555,8 @@ Gin allows only one html.Template by default. Check [a multitemplate render](htt
 
 Issuing a HTTP redirect is easy. Both internal and external locations are supported.
 
+Note: When the location is empty, there is a security risk. Please do not bring it to production
+
 ```go
 r.GET("/test", func(c *gin.Context) {
   c.Redirect(http.StatusMovedPermanently, "http://www.google.com/")