fix: location header rewrite.

Co-authored-by: Daniel Tomcej <daniel.tomcej@gmail.com>

Gopkg.lock

@@ -1915,12 +1915,12 @@
   revision = "50716a0a853771bb36bfce61a45cdefdb98c2e6e"
 
 [[projects]]
-  branch = "v1"
-  digest = "1:819d4566276aed820b412b7e72683edfe99f53d2ac54e5b13eda197b523a369b"
+  digest = "1:649756d307b6d8ddb369d1cca0465b679aa7d1a956ddfa8eb18f8072a1a2b7a4"
   name = "github.com/unrolled/secure"
   packages = ["."]
   pruneopts = "NUT"
-  revision = "232c938a6a69cfd83e26e2bfe100a20486d3a9a0"
+  revision = "996bc0cd7e5be6e6a1c5f34b0259bc47c8bcfbc9"
+  version = "v1.0.5"
 
 [[projects]]
   digest = "1:e84e99d5f369afaa9a5c41f55b57fa03047ecd3bac2a65861607882693ceea81"

Gopkg.toml

@@ -167,8 +167,8 @@
   version = "1.1.0"
 
 [[constraint]]
-  branch = "v1"
   name = "github.com/unrolled/secure"
+  version = "1.0.5"
 
 [[constraint]]
   name = "github.com/vdemeester/shakers"

vendor/github.com/unrolled/secure/secure.go

@@ -437,9 +437,15 @@ func (s *Secure) isSSL(r *http.Request) bool {
 // Used by http.ReverseProxy.
 func (s *Secure) ModifyResponseHeaders(res *http.Response) error {
 	if res != nil && res.Request != nil {
-		// Fix Location response header http to https when SSL is enabled.
+		// Fix Location response header http to https:
+		// When SSL is enabled,
+		// And SSLHost is defined,
+		// And the response location header includes the SSLHost as the domain with a trailing slash,
+		// Or an exact match to the SSLHost.
 		location := res.Header.Get("Location")
-		if s.isSSL(res.Request) && strings.Contains(location, "http:") {
+		if s.isSSL(res.Request) &&
+			len(s.opt.SSLHost) > 0 &&
+			(strings.HasPrefix(location, fmt.Sprintf("http://%s/", s.opt.SSLHost)) || location == fmt.Sprintf("http://%s", s.opt.SSLHost)) {
 			location = strings.Replace(location, "http:", "https:", 1)
 			res.Header.Set("Location", location)
 		}