insecure.go

     1  // Copyright 2022 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package vcweb
     6  
     7  import (
     8  	"log"
     9  	"net/http"
    10  )
    11  
    12  // insecureHandler redirects requests to the same host and path but using the
    13  // "http" scheme instead of "https".
    14  type insecureHandler struct{}
    15  
    16  func (h *insecureHandler) Available() bool { return true }
    17  
    18  func (h *insecureHandler) Handler(dir string, env []string, logger *log.Logger) (http.Handler, error) {
    19  	// The insecure-redirect handler implementation doesn't depend or dir or env.
    20  	//
    21  	// The only effect of the directory is to determine which prefix the caller
    22  	// will strip from the request before passing it on to this handler.
    23  	return h, nil
    24  }
    25  
    26  func (h *insecureHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
    27  	if req.Host == "" && req.URL.Host == "" {
    28  		http.Error(w, "no Host provided in request", http.StatusBadRequest)
    29  		return
    30  	}
    31  
    32  	// Note that if the handler is wrapped with http.StripPrefix, the prefix
    33  	// will remain stripped in the redirected URL, preventing redirect loops
    34  	// if the scheme is already "http".
    35  
    36  	u := *req.URL
    37  	u.Scheme = "http"
    38  	u.User = nil
    39  	u.Host = req.Host
    40  
    41  	http.Redirect(w, req, u.String(), http.StatusFound)
    42  }
    43
View as plain text