MCPcopy
hub / github.com/gofiber/fiber / Back

Method Back

redirect.go:381–404  ·  view source on GitHub ↗

Back redirect to the URL to referer. It validates that the Referer is same-origin to prevent open redirect attacks. If the Referer is missing, invalid, or cross-origin, the fallback URL is used.

(fallback ...string)

Source from the content-addressed store, hash-verified

379// It validates that the Referer is same-origin to prevent open redirect attacks.
380// If the Referer is missing, invalid, or cross-origin, the fallback URL is used.
381func (r *Redirect) Back(fallback ...string) error {
382 location := r.c.Get(HeaderReferer)
383 if location != "" {
384 if !strings.HasPrefix(location, "/") || strings.HasPrefix(location, "//") {
385 parsed, err := url.Parse(location)
386 if err != nil || (parsed.Scheme != "" && parsed.Host == "") || (parsed.Host != "" && !schemehost.Match(parsed.Scheme, parsed.Host, r.c.Scheme(), r.c.Host())) {
387 location = "" // Reject invalid or cross-origin referrers
388 }
389 }
390 }
391
392 if location == "" {
393 // Check fallback URL
394 if len(fallback) == 0 {
395 err := ErrRedirectBackNoFallback
396 r.c.Status(err.Code)
397
398 return err
399 }
400 location = fallback[0]
401 }
402
403 return r.To(location)
404}
405
406// parseAndClearFlashMessages is a method to get flash messages before they are getting removed
407func (r *Redirect) parseAndClearFlashMessages() {

Calls 7

ToMethod · 0.95
MatchFunction · 0.92
GetMethod · 0.65
ParseMethod · 0.65
SchemeMethod · 0.65
HostMethod · 0.65
StatusMethod · 0.65