2023-06-16 09:32:43 +03:00
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package httplib
import (
"net/url"
"strings"
"code.gitea.io/gitea/modules/setting"
2024-03-21 15:02:34 +03:00
"code.gitea.io/gitea/modules/util"
2023-06-16 09:32:43 +03:00
)
2024-03-21 15:02:34 +03:00
func urlIsRelative ( s string , u * url . URL ) bool {
2023-06-16 09:32:43 +03:00
// Unfortunately browsers consider a redirect Location with preceding "//", "\\", "/\" and "\/" as meaning redirect to "http(s)://REST_OF_PATH"
// Therefore we should ignore these redirect locations to prevent open redirects
if len ( s ) > 1 && ( s [ 0 ] == '/' || s [ 0 ] == '\\' ) && ( s [ 1 ] == '/' || s [ 1 ] == '\\' ) {
2024-03-21 15:02:34 +03:00
return false
2023-06-16 09:32:43 +03:00
}
2024-03-21 15:02:34 +03:00
return u != nil && u . Scheme == "" && u . Host == ""
}
2023-06-16 09:32:43 +03:00
2024-03-21 15:02:34 +03:00
// IsRelativeURL detects if a URL is relative (no scheme or host)
func IsRelativeURL ( s string ) bool {
2023-06-16 09:32:43 +03:00
u , err := url . Parse ( s )
2024-03-21 15:02:34 +03:00
return err == nil && urlIsRelative ( s , u )
}
2023-06-16 09:32:43 +03:00
2024-03-21 15:02:34 +03:00
func IsCurrentGiteaSiteURL ( s string ) bool {
u , err := url . Parse ( s )
if err != nil {
return false
}
if u . Path != "" {
u . Path = "/" + util . PathJoinRelX ( u . Path )
if ! strings . HasSuffix ( u . Path , "/" ) {
u . Path += "/"
}
}
if urlIsRelative ( s , u ) {
return u . Path == "" || strings . HasPrefix ( strings . ToLower ( u . Path ) , strings . ToLower ( setting . AppSubURL + "/" ) )
}
if u . Path == "" {
u . Path = "/"
}
return strings . HasPrefix ( strings . ToLower ( u . String ( ) ) , strings . ToLower ( setting . AppURL ) )
2023-06-16 09:32:43 +03:00
}