From 360a9f83d719cbe803b62055da7d3594bd3f7a52 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Thu, 9 Jan 2020 20:39:30 +0000
Subject: [PATCH 1/2] Prevent redirect to Host

---
 modules/context/context.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/context/context.go b/modules/context/context.go
index 4b590a718136..570f3f5ee4b9 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -122,7 +122,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 		}
 
 		u, err := url.Parse(loc)
-		if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
+		if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
 			continue
 		}
 

From e0d722e03dfa77730d86892cc0720ae83d62edea Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 9 Jan 2020 21:11:37 +0000
Subject: [PATCH 2/2] Update context.go

---
 modules/context/context.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/context/context.go b/modules/context/context.go
index 570f3f5ee4b9..f8663b9c03b0 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.