hyper-staticfile performs a redirect for a directory request (e.g. a
/dir that redirects to
Location header value was
derived from user input (the request path), simply appending a slash. The
intent was to perform an origin-relative redirect, but specific inputs
allowed performing a scheme-relative redirect instead.
An attacker could craft a special URL that would appear to be for the correct
domain, but immediately redirects to a malicious domain. Such a URL can benefit
phishing attacks, for example an innocent looking link in an email.