add allowed-redirect config for upstream

server.go

@@ -17,13 +17,27 @@ import (
 	"time"
 )
 
+type reqCtxKey int
+
+const (
+	reqCtxAllowedRedirect reqCtxKey = iota
+)
+
 var zeroTime time.Time
 
 var (
 	httpClient = http.Client{
-
-		// No redirect!
+		// check allowed redirect
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			lastRequest := via[len(via)-1]
+			if allowedRedirect, ok := lastRequest.Context().Value(reqCtxAllowedRedirect).(string); ok {
+				if matched, err := regexp.MatchString(allowedRedirect, req.URL.String()); err != nil {
+					return err
+				} else if !matched {
+					return http.ErrUseLastResponse
+				}
+				return nil
+			}
 			return http.ErrUseLastResponse
 		},
 	}
@@ -492,6 +506,11 @@ func (server *Server) tryUpstream(ctx context.Context, upstreamIdx int, r *http.
 	if lastModified != zeroTime {
 		method = http.MethodGet
 	}
+
+	if upstream.AllowedRedirect != nil {
+		ctx = context.WithValue(ctx, reqCtxAllowedRedirect, *upstream.AllowedRedirect)
+	}
+
 	request, err := http.NewRequestWithContext(ctx, method, newurl, nil)
 	if err != nil {
 		return nil, nil, err