feat(enhancement)!: do not strip the port from the request URL host for redirect host comparison (#1159)

jeevatkm · web-flow · commit 11551c380ade · 2026-05-04T00:00:28.000-07:00
diff --git a/client_test.go b/client_test.go
@@ -115,7 +115,7 @@ func TestClientRedirectPolicy(t *testing.T) {
 	ts := createRedirectServer(t)
 	defer ts.Close()
 
-	c := dcnl().SetRedirectPolicy(RedirectFlexiblePolicy(20), RedirectDomainCheckPolicy("127.0.0.1"))
+	c := dcnl().SetRedirectPolicy(RedirectFlexiblePolicy(20), RedirectDomainCheckPolicy(ts.URL[len("http://"):]))
 	res, err := c.R().
 		SetHeader("Name1", "Value1").
 		SetHeader("Name2", "Value2").
diff --git a/redirect.go b/redirect.go
@@ -8,7 +8,7 @@ package resty
 import (
 	"errors"
 	"fmt"
-	"net"
+	"maps"
 	"net/http"
 	"strings"
 )
@@ -76,8 +76,8 @@ func RedirectDomainCheckPolicy(hostnames ...string) RedirectPolicy {
 	}
 
 	return RedirectPolicyFunc(func(req *http.Request, via []*http.Request) error {
-		if ok := hosts[getHostname(req.URL.Host)]; !ok {
-			return errors.New("redirect is not allowed as per DomainCheckRedirectPolicy")
+		if ok := hosts[strings.ToLower(req.URL.Host)]; !ok {
+			return errors.New("resty: redirect is not allowed as per DomainCheckRedirectPolicy")
 		}
 		checkHostAndAddHeaders(req, via[0])
 		return nil
@@ -123,14 +123,6 @@ func RedirectHeaderStripSensitivePolicy(applyDefault bool, headers ...string) Re
 	})
 }
 
-func getHostname(host string) (hostname string) {
-	if strings.Index(host, ":") > 0 {
-		host, _, _ = net.SplitHostPort(host)
-	}
-	hostname = strings.ToLower(host)
-	return
-}
-
 // By default, Golang will not redirect request headers.
 // After reading through the various discussion comments from the thread -
 // https://github.com/golang/go/issues/4800
@@ -143,12 +135,10 @@ func getHostname(host string) (hostname string) {
 // (e.g. those set via [Client.SetHeaderAuthorizationKey]) are forwarded
 // verbatim unless explicitly removed. See https://github.com/go-resty/resty/issues/1128.
 func checkHostAndAddHeaders(cur *http.Request, pre *http.Request) {
-	curHostname := getHostname(cur.URL.Host)
-	preHostname := getHostname(pre.URL.Host)
+	curHostname := strings.ToLower(cur.URL.Host)
+	preHostname := strings.ToLower(pre.URL.Host)
 	if strings.EqualFold(curHostname, preHostname) {
-		for key, val := range pre.Header {
-			cur.Header[key] = val
-		}
+		maps.Copy(cur.Header, pre.Header)
 	} else {
 		// Cross-domain redirect: strip sensitive headers that Go's
 		// net/http does not know about (custom auth, token, api-key, etc.).
diff --git a/request_test.go b/request_test.go
@@ -975,7 +975,7 @@ func TestHostCheckRedirectPolicy(t *testing.T) {
 	defer ts.Close()
 
 	c := dcnl().
-		SetRedirectPolicy(RedirectDomainCheckPolicy("127.0.0.1"))
+		SetRedirectPolicy(RedirectDomainCheckPolicy(ts.URL[len("http://"):]))
 
 	_, err := c.R().Get(ts.URL + "/redirect-host-check-1")
 
