blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2025-10-15 04:57:07 +08:00
Code Issues Projects Releases Wiki Activity

chore: add Debugging location is "" redirect to "/"

Browse Source
This commit is contained in:
Ghost 2024-07-07 23:39:46 +08:00
parent e0d08aba79
commit c99d328d50
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
context.go
View File

@ -1066,7 +1066,14 @@ func (c *Context) String(code int, format string, values ...any) {
} }
// Redirect returns an HTTP redirect to the specific location. // Redirect returns an HTTP redirect to the specific location.
// When the 'location' parameter is empty, it poses a potential security risk.
// Avoid bringing potential security risks into the production environment.
func (c *Context) Redirect(code int, location string) { func (c *Context) Redirect(code int, location string) {
if IsDebugging() && location == "" {
debugPrint(`[WARNING] When the 'location' parameter is empty, it poses a potential security risk. Please input a secure redirection URL to ensure safe operation.`)
location = "/"
}
c.Render(-1, render.Redirect{ c.Render(-1, render.Redirect{
Code: code, Code: code,
Location: location, Location: location,

2
docs/doc.md
View File

@ -1442,6 +1442,8 @@ Gin allow by default use only one html.Template. Check [a multitemplate render](
Issuing a HTTP redirect is easy. Both internal and external locations are supported. Issuing a HTTP redirect is easy. Both internal and external locations are supported.
Note: When the location is empty, there is a security risk. Please do not bring it to production
```go ```go
r.GET("/test", func(c *gin.Context) { r.GET("/test", func(c *gin.Context) {
c.Redirect(http.StatusMovedPermanently, "http://www.google.com/") c.Redirect(http.StatusMovedPermanently, "http://www.google.com/")