fileserver: Preserve query during canonicalization redirect (#6109)

francislavoie · web-flow · commit 5a4374bea055 · 2024-03-05T22:51:26.000-07:00
* fileserver: Preserve query during canonicalization redirect

* Clarify that only a path should be passed
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go
@@ -639,12 +639,18 @@ func calculateEtag(d os.FileInfo) string {
 	return `"` + t + s + `"`
 }
 
-func redirect(w http.ResponseWriter, r *http.Request, to string) error {
-	for strings.HasPrefix(to, "//") {
+// redirect performs a redirect to a given path. The 'toPath' parameter
+// MUST be solely a path, and MUST NOT include a query.
+func redirect(w http.ResponseWriter, r *http.Request, toPath string) error {
+	for strings.HasPrefix(toPath, "//") {
 		// prevent path-based open redirects
-		to = strings.TrimPrefix(to, "/")
+		toPath = strings.TrimPrefix(toPath, "/")
 	}
-	http.Redirect(w, r, to, http.StatusPermanentRedirect)
+	// preserve the query string if present
+	if r.URL.RawQuery != "" {
+		toPath += "?" + r.URL.RawQuery
+	}
+	http.Redirect(w, r, toPath, http.StatusPermanentRedirect)
 	return nil
 }
 
