TUN-2355: Roll back TUN-2276

This reverts commit 02f0ed951f.
2025-07-27 18:39:58 +00:00 · 2019-09-26 14:02:01 -05:00
parent 71d66ae7ee
commit a99fac1e31
2 changed files with 10 additions and 197 deletions
--- a/streamhandler/request.go
+++ b/streamhandler/request.go
@@ -45,11 +45,16 @@ func H2RequestHeadersToH1Request(h2 []h2mux.Header, h1 *http.Request) error {
 			// Otherwise the host header will be based on the origin URL
 			h1.Host = header.Value
 		case ":path":
-			// We can't just set `URL.Path`, because there's no way to ask the library to *not* escape it,
-			// causing https://github.com/cloudflare/cloudflared/issues/124.
-			// The only way to bypass the URL escape seems to currently be `URL.Opaque`.
-			// See https://github.com/golang/go/issues/5777
-			h1.URL.Opaque = fmt.Sprintf("//%v%v", h1.URL.Host, header.Value)
+			u, err := url.Parse(header.Value)
+			if err != nil {
+				return fmt.Errorf("unparseable path")
+			}
+			resolved := h1.URL.ResolveReference(u)
+			// prevent escaping base URL
+			if !strings.HasPrefix(resolved.String(), h1.URL.String()) {
+				return fmt.Errorf("invalid path")
+			}
+			h1.URL = resolved
 		case "content-length":
 			contentLength, err := strconv.ParseInt(header.Value, 10, 64)
 			if err != nil {