net/http: fix infinite 301 redirects of http.FileServe #38534
Conversation
When using `http.FileServer` to serve virtual filesystem, If the url was exactly `/`, it will redirect to `..//`, this is actually itself, as result, this line of code will cause infinite 301 redirects loop. To prevent this behavior it is safe to add additional check `&& url !="/"`. Related issue: golang#13996 ``` $ curl http://localhost:9000/ -v -L % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1:9000... * TCP_NODELAY set * Trying 127.0.0.1:9000... * TCP_NODELAY set * Connected to localhost (127.0.0.1) port 9000 (#0) > GET / HTTP/1.1 > Host: localhost:9000 > User-Agent: curl/7.65.3 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: ..// < Date: Mon, 20 Apr 2020 02:08:14 GMT < Content-Length: 0 < 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Connection #0 to host localhost left intact * Issue another request to this URL: 'http://localhost:9000/' * Found bundle for host localhost: 0x2754760 [serially] * Can not multiplex, even if we wanted to! * Re-using existing connection! (#0) with host localhost * Connected to localhost (127.0.0.1) port 9000 (#0) > GET / HTTP/1.1 > Host: localhost:9000 > User-Agent: curl/7.65.3 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: ..// < Date: Mon, 20 Apr 2020 02:08:14 GMT < Content-Length: 0 < 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Connection #0 to host localhost left intact * Issue another request to this URL: 'http://localhost:9000/' * Found bundle for host localhost: 0x2754760 [serially] * Can not multiplex, even if we wanted to! * Re-using existing connection! (#0) with host localhost * Connected to localhost (127.0.0.1) port 9000 (#0) TLDR < 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Connection #0 to host localhost left intact * Issue another request to this URL: 'http://localhost:9000/' * Found bundle for host localhost: 0x2754760 [serially] * Can not multiplex, even if we wanted to! * Re-using existing connection! (#0) with host localhost * Connected to localhost (127.0.0.1) port 9000 (#0) > GET / HTTP/1.1 > Host: localhost:9000 > User-Agent: curl/7.65.3 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: ..// < Date: Mon, 20 Apr 2020 02:08:14 GMT < Content-Length: 0 < 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Connection #0 to host localhost left intact * Maximum (50) redirects followed curl: (47) Maximum (50) redirects followed ```
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
googlebot
added
the
cla: no
|
@googlebot I signed it! |
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: yes
medcl
changed the title
|
This PR (HEAD: 5ad8f1f) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/go/+/228904 to see it. Tip: You can toggle comments from me using the |
|
Message from Gobot Gobot: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be During May-July and Nov-Jan the Go project is in a code freeze, during which Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
|
Message from Brad Fitzpatrick: Patch Set 1: (2 comments) Please add a test. Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
medcl
changed the title
|
Message from Medcl: Patch Set 5:
Hi, Brad, Really appreciate your fast reaction, since this is a minor change, and didn't ship new features, do you still think it is necessary to add a test. i just don't find a good test case for this change. Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
|
Message from Emmanuel Odeke: Patch Set 5: Code-Review-1 (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
|
Message from Medcl: Patch Set 5: (2 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
|
Message from Emmanuel Odeke: Patch Set 5: (4 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
|
Message from Go Bot: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be During May-July and Nov-Jan the Go project is in a code freeze, during which Please don’t reply on this GitHub thread. Visit golang.org/cl/228904. |
This change modifies If the url is already root "/", don't cause additional redirect. Fixes: #13996