From 9b2339042ea556ca42f6307d3f0ec5b009c7eab4 Mon Sep 17 00:00:00 2001
From: Aaron Hurt <ahurt@anbcs.com>
Date: Fri, 16 Mar 2018 07:52:23 -0500
Subject: [PATCH] Ensure BuildRedirectURL enforces non-empty path

---
 proxy/http_integration_test.go |  2 +-
 route/table_test.go            | 20 +++++++++++++++-----
 route/target.go                |  3 +++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/proxy/http_integration_test.go b/proxy/http_integration_test.go
index 1a0870306..4631cdb7d 100644
--- a/proxy/http_integration_test.go
+++ b/proxy/http_integration_test.go
@@ -284,7 +284,7 @@ func TestRedirect(t *testing.T) {
 		{req: "/", wantCode: 301, wantLoc: "http://a.com/"},
 		{req: "/aaa/bbb", wantCode: 301, wantLoc: "http://a.com/aaa/bbb"},
 		{req: "/foo", wantCode: 301, wantLoc: "http://a.com/abc"},
-		{req: "/bar", wantCode: 302, wantLoc: "http://b.com"},
+		{req: "/bar", wantCode: 302, wantLoc: "http://b.com/"},
 		{req: "/bar/aaa", wantCode: 302, wantLoc: "http://b.com/aaa"},
 	}
 
diff --git a/route/table_test.go b/route/table_test.go
index deea8c249..ce8a0dca2 100644
--- a/route/table_test.go
+++ b/route/table_test.go
@@ -487,10 +487,10 @@ func TestNormalizeHost(t *testing.T) {
 // for more information on the issue and purpose of this test
 func TestTableLookupIssue448(t *testing.T) {
 	s := `
-	route add mock-0 foo.com:80/ https://foo.com/ opts "redirect=301"
-	route add mock-2 aaa.com:80/ http://bbb.com/ opts "redirect=301"
-	route add mock-3 ccc.com:443/bar https://ccc.com/baz opts "redirect=301"
-	route add mock-4 / http://foo.com/
+	route add mock foo.com:80/ https://foo.com/ opts "redirect=301"
+	route add mock aaa.com:80/ http://bbb.com/ opts "redirect=301"
+	route add mock ccc.com:443/bar https://ccc.com/baz opts "redirect=301"
+	route add mock / http://foo.com/
 	`
 
 	tbl, err := NewTable(s)
@@ -517,7 +517,17 @@ func TestTableLookupIssue448(t *testing.T) {
 				Header: http.Header{"X-Forwarded-Proto": {"http"}},
 			},
 			dst: "https://foo.com/",
-			// upstream http request to same https host and path should follow redirect
+			// upstream http request to same host and path should follow redirect
+		},
+		{
+			req: &http.Request{
+				Host:   "foo.com",
+				URL:    mustParse("/"),
+				Header: http.Header{"X-Forwarded-Proto": {"https"}},
+				TLS:    &tls.ConnectionState{},
+			},
+			dst: "http://foo.com/",
+			// upstream https request to same host and path should NOT follow redirect"
 		},
 		{
 			req: &http.Request{
diff --git a/route/target.go b/route/target.go
index e91fdc0a9..db9e5244b 100644
--- a/route/target.go
+++ b/route/target.go
@@ -82,4 +82,7 @@ func (t *Target) BuildRedirectURL(requestURL *url.URL) {
 			t.RedirectURL.RawQuery = requestURL.RawQuery
 		}
 	}
+	if t.RedirectURL.Path == "" {
+		t.RedirectURL.Path = "/"
+	}
 }