From 7032ecce2a50e49d28cf00e8960eb0bcfb5403c2 Mon Sep 17 00:00:00 2001
From: Arve Knudsen <arve.knudsen@gmail.com>
Date: Thu, 8 Apr 2021 15:05:42 +0200
Subject: [PATCH] Server: Disambiguate redirects to server relative paths
 (#32788)

* Server: Disambiguate redirects to server relative paths

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
---
 pkg/api/static/static.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/api/static/static.go b/pkg/api/static/static.go
index 96c4e23aacf..857df64b621 100644
--- a/pkg/api/static/static.go
+++ b/pkg/api/static/static.go
@@ -16,6 +16,7 @@
 package httpstatic
 
 import (
+	"fmt"
 	"log"
 	"net/http"
 	"os"
@@ -149,7 +150,12 @@ func staticHandler(ctx *macaron.Context, log *log.Logger, opt StaticOptions) boo
 	if fi.IsDir() {
 		// Redirect if missing trailing slash.
 		if !strings.HasSuffix(ctx.Req.URL.Path, "/") {
-			http.Redirect(ctx.Resp, ctx.Req.Request, ctx.Req.URL.Path+"/", http.StatusFound)
+			path := fmt.Sprintf("%s/", ctx.Req.URL.Path)
+			if !strings.HasPrefix(path, "/") {
+				// Disambiguate that it's a path relative to this server
+				path = fmt.Sprintf("/%s", path)
+			}
+			http.Redirect(ctx.Resp, ctx.Req.Request, path, http.StatusFound)
 			return true
 		}