checkRedirectHost returns an error if the redirect target is on a different host than the client's configured BaseURL. This prevents credentials attached by the auth transport from being sent to an attacker-controlled host when a compromised or malicious API response returns a cross-origin Location
(location string)
| 2074 | // compromised or malicious API response returns a cross-origin Location header. |
| 2075 | // An empty Location is also rejected. |
| 2076 | func (c *Client) checkRedirectHost(location string) error { |
| 2077 | if location == "" { |
| 2078 | return errInvalidLocation |
| 2079 | } |
| 2080 | target, err := url.Parse(location) |
| 2081 | if err != nil { |
| 2082 | return fmt.Errorf("invalid redirect location %q: %w", location, err) |
| 2083 | } |
| 2084 | // Resolve relative locations against BaseURL so relative paths are allowed. |
| 2085 | target = c.baseURL.ResolveReference(target) |
| 2086 | if target.Host != c.baseURL.Host { |
| 2087 | return fmt.Errorf("refusing to follow cross-host redirect from %q to %q", c.baseURL.Host, target.Host) |
| 2088 | } |
| 2089 | return nil |
| 2090 | } |
| 2091 | |
| 2092 | // Ptr is a helper routine that allocates a new T value |
| 2093 | // to store v and returns a pointer to it. |
no outgoing calls
no test coverage detected