Refactor URL detection (#29960)

"Redirect" functions should only redirect if the target is for current Gitea site.
2025-07-22 18:28:37 +00:00 · 2024-03-21 20:02:34 +08:00
parent 0b4ff15356
commit 01500957c2
9 changed files with 96 additions and 43 deletions
--- a/routers/common/redirect.go
+++ b/routers/common/redirect.go
@@ -17,7 +17,7 @@ func FetchRedirectDelegate(resp http.ResponseWriter, req *http.Request) {
 	// The typical page is "issue comment" page. The backend responds "/owner/repo/issues/1#comment-2",
 	// then frontend needs this delegate to redirect to the new location with hash correctly.
 	redirect := req.PostFormValue("redirect")
-	if httplib.IsRiskyRedirectURL(redirect) {
+	if !httplib.IsCurrentGiteaSiteURL(redirect) {
 		resp.WriteHeader(http.StatusBadRequest)
 		return
 	}