From cd3e52d91b1b6a7f75123c4106759989c9128b0a Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 9 Jan 2020 21:38:12 +0000
Subject: [PATCH] Prevent redirect to Host (#9678) (#9680)

---
 modules/context/context.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/context/context.go b/modules/context/context.go
index ef6c19ed1..1db9be112 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 		}
 
 		u, err := url.Parse(loc)
-		if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
+		if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
 			continue
 		}