Prevent redirect to Host (#9678) (#9679)

diff --git a/modules/context/context.go b/modules/context/context.go
index 4b590a7181362a319976b4dbea143bca17fc1f78..f8663b9c03b07339524bf88890de53670963adca 100644 (file)
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
                }
 
                u, err := url.Parse(loc)
-               if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
+               if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
                        continue
                }