From a96a535c5af7670997d0c73f1d3e76c500ce992c Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Thu, 9 Jan 2020 20:39:30 +0000
Subject: [PATCH 1/2] Prevent redirect to Host

---
 modules/context/context.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/context/context.go b/modules/context/context.go
index 4b590a7181362..570f3f5ee4b94 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -122,7 +122,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 		}
 
 		u, err := url.Parse(loc)
-		if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
+		if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
 			continue
 		}
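Review bot: On the changed `if err != nil || (...)` line, the added `u.Host != ""` test covers scheme-less `//host` locations, but the allow decision still rests on a case-folded string prefix match of `loc` against `setting.AppURL`. That is only a same-origin check if AppURL is guaranteed to end in `/`, which is not visible in this hunk; comparing parsed components avoids the dependency, e.g. parse AppURL once and require `strings.EqualFold(u.Host, appURL.Host)` together with a matching scheme. Separately, a location beginning with `/\` appears to parse as a host-less path, while some browsers treat a backslash as a slash, so rejecting any `loc` that contains `\` before this check would be a cheap additional guard. RedirectToFirst begins and ends outside the hunk, and the patch carries no test for the new condition.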
 

From a3123a8e9801075ddc7c8b06ec0a3598d51db6f9 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 9 Jan 2020 21:12:03 +0000
Subject: [PATCH 2/2] Update context.go

---
 modules/context/context.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/context/context.go b/modules/context/context.go
index 570f3f5ee4b94..f8663b9c03b07 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.