safeweb: move http.Serve for HTTP redirects into lib (#11592)

Refactor the interaction between caller/library when establishing the HTTP to HTTPS redirects by moving the call to http.Serve into safeweb. This makes linting for other uses of http.Serve easier without having to account for false positives created by the old interface. Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-03-28 20:12:27 +00:00 · 2024-04-02 12:04:24 -07:00 · 2024-04-02 12:04:24 -07:00 · 1535d0feca
commit 1535d0feca
parent f384742375
1 changed files with 7 additions and 5 deletions
--- a/safeweb/http.go
+++ b/safeweb/http.go
@ -242,10 +242,12 @@ func (s *Server) serveBrowser(w http.ResponseWriter, r *http.Request) {
 	s.csrfProtect(s.BrowserMux).ServeHTTP(w, r)
 }
-// RedirectHTTP returns a handler that redirects all incoming HTTP requests to
+// ServeRedirectHTTP serves a single HTTP handler on the provided listener that
-// the provided fully qualified domain name (FQDN).
+// redirects all incoming HTTP requests to the HTTPS address of the provided
-func (s *Server) RedirectHTTP(fqdn string) http.Handler {
+// fully qualified domain name (FQDN). Callers are responsible for closing the
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+// listener.
 func (s *Server) ServeRedirectHTTP(ln net.Listener, fqdn string) error {
 	return http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		new := url.URL{
 			Scheme:   "https",
 			Host:     fqdn,
@ -254,7 +256,7 @@ func (s *Server) RedirectHTTP(fqdn string) http.Handler {
 		}
 		http.Redirect(w, r, new.String(), http.StatusMovedPermanently)
-	})
+	}))
 }
 // Serve starts the server and listens on the provided listener. It will block