diff --git a/Makefile b/Makefile
index 3dec83272ef..c626d33258c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
.PHONY: clean
clean:
@rm -rf static
- @go clean
+ @go clean -i
.PHONY: static
static:
diff --git a/web/__snapshots__/web.snapshot b/web/__snapshots__/web.snapshot
index a3161a7f9f3..a2aa281b507 100644
--- a/web/__snapshots__/web.snapshot
+++ b/web/__snapshots__/web.snapshot
@@ -23,6 +23,15 @@ Location: /foobar/
Moved Permanently.
+/* snapshot: Test_createRoutes_redirect_with_auth */
+HTTP/1.1 307 Temporary Redirect
+Connection: close
+Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
+Content-Type: text/html; charset=utf-8
+Location: /foobar/login
+
+Temporary Redirect.
+
/* snapshot: Test_createRoutes_username_password */
HTTP/1.1 307 Temporary Redirect
Connection: close
diff --git a/web/auth.go b/web/auth.go
index 384d189188f..424bc17a795 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -15,6 +15,7 @@ const authorityKey = "AUTH_TIMESTAMP"
const sessionName = "session"
func initializeAuth(h *handler) {
+ secured = false
if h.config.Username != "" && h.config.Password != "" {
store = sessions.NewCookieStore([]byte(h.config.Key))
store.Options.HttpOnly = true
diff --git a/web/routes.go b/web/routes.go
index c7658e77e15..4f3c2b4eeb2 100644
--- a/web/routes.go
+++ b/web/routes.go
@@ -6,6 +6,7 @@ import (
"io/fs"
"io/ioutil"
"net/http"
+ "path"
"github.com/amir20/dozzle/docker"
@@ -83,7 +84,7 @@ func (h *handler) index(w http.ResponseWriter, req *http.Request) {
fileServer.ServeHTTP(w, req)
} else {
if !isAuthorized(req) && req.URL.Path != "login" {
- http.Redirect(w, req, h.config.Base+"login", http.StatusTemporaryRedirect)
+ http.Redirect(w, req, path.Clean(h.config.Base+"/login"), http.StatusTemporaryRedirect)
return
}
h.executeTemplate(w, req)
diff --git a/web/routes_test.go b/web/routes_test.go
index ed5460de288..1ad8bc787ac 100644
--- a/web/routes_test.go
+++ b/web/routes_test.go
@@ -267,6 +267,19 @@ func Test_createRoutes_redirect(t *testing.T) {
abide.AssertHTTPResponse(t, t.Name(), rr.Result())
}
+func Test_createRoutes_redirect_with_auth(t *testing.T) {
+ fs := afero.NewMemMapFs()
+ require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.")
+
+ handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Username: "amir", Password: "password", Key: "key"})
+ req, err := http.NewRequest("GET", "/foobar/", nil)
+ require.NoError(t, err, "NewRequest should not return an error.")
+ rr := httptest.NewRecorder()
+
+ handler.ServeHTTP(rr, req)
+ abide.AssertHTTPResponse(t, t.Name(), rr.Result())
+}
+
func Test_createRoutes_foobar(t *testing.T) {
fs := afero.NewMemMapFs()
require.NoError(t, afero.WriteFile(fs, "index.html", []byte("foo page"), 0644), "WriteFile should have no error.")