go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-01-23 10:41:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
923d151190
iris/core/router
History
wozz 923d151190 Fix open redirect 
Fix open redirect by using strings.Trim.

Another option would be to use path.Clean similar to here, but I'm unsure of side effects that may have for this use case: https://github.com/golang/go/blob/master/src/net/http/server.go#L2034

See a PoC of this issue with this link: https://iris-go.com//google.com/

Former-commit-id: fa422e436353a7e0699f0b346f3679455c5d965b
2018-04-20 16:49:30 -07:00
..
macro made it work but looking for another approach 2017-12-04 05:06:03 +02:00
node Update to version 8.5.5 | Read HISTORY.md 2017-11-02 05:54:33 +02:00
api_builder.go Cleanup of some old code 2018-03-17 02:27:25 +02:00
fs.go Add one more browser (and 304 server) cache method using ETag and If-None-Match headers 2018-03-18 11:55:05 +02:00
handler.go Fix open redirect 2018-04-20 16:49:30 -07:00
macro.go Update to 8.4.0 | New macro type, new high-optimized MVC features. Read HISTORY.md 2017-08-27 18:46:04 +03:00
mime.go Update to version 8.5.5 | Read HISTORY.md 2017-11-02 05:54:33 +02:00
party.go add the new StaticEmbeddedGzip on the Party interface, it works within multiple levels like the StaticEmbedded, so why not 2018-03-15 23:15:10 +02:00
path_test.go Release of version 10.4.0 - x8 faster embedded file server | Star and Read HISTORY.md 2018-03-14 07:17:35 +02:00
path.go Release of version 10.4.0 - x8 faster embedded file server | Star and Read HISTORY.md 2018-03-14 07:17:35 +02:00
route.go made it work but looking for another approach 2017-12-04 05:06:03 +02:00
router_handlers_order_test.go Update to version 10.2.0. Read: https://github.com/kataras/iris/blob/master/HISTORY.md#th-08-february-2018--v1020 2018-02-08 14:04:39 +02:00
router_subdomain_redirect_wrapper.go NEW: Application#SubdomainRedirect. Example: https://github.com/kataras/iris/blob/master/_examples/subdomains/redirect/main.go 2018-01-20 05:17:31 +02:00
router_test.go Add fallback handlers 2018-02-21 12:27:01 +03:00
router_wildcard_root_test.go add content type and response text to the Controller 💯 2017-09-02 14:32:14 +03:00
router.go remove the complicated fallback handlers, that didn't work and not approve the coblexity addition of the https://github.com/kataras/iris/pull/919, RouteExists accepts first argument the Context, add new AllowMethods per party and fix cors by 048e2be034 https://github.com/kataras/iris/issues/922, rel: https://github.com/iris-contrib/middleware/issues/36, https://github.com/iris-contrib/middleware/issues/34, https://github.com/iris-contrib/middleware/issues/32, https://github.com/iris-contrib/middleware/issues/30, https://github.com/kataras/iris/pull/909 2018-03-10 14:22:56 +02:00
spa.go add context#StatusCodeNotSuccessful for customize even the most customized clients that are not compatible with the standards and fix the SPA if static file serve handlers are passed as its AssetHandler as reported at the chat.iris-go.com 2018-01-31 02:35:22 +02:00
status_test.go Update to 8.0.4 | New: transfer a message to the request logger 2017-07-17 17:42:51 +03:00
status.go add context#StatusCodeNotSuccessful for customize even the most customized clients that are not compatible with the standards and fix the SPA if static file serve handlers are passed as its AssetHandler as reported at the chat.iris-go.com 2018-01-31 02:35:22 +02:00