fix: show login page on broken session cookie (#2605)
* fix: redirect on invalid cookie * docs: update changelog * chore: remove duplicated code * fix: status code handling if wrong http method is used --------- Signed-off-by: Jan Larwig <jan@larwig.com> Co-authored-by: Jan Larwig <jan@larwig.com>
This commit is contained in:
Johann
GitHub
parent
b57c82181d
commit
5e7f14bdcb
|
|
@ -9,6 +9,7 @@
|
|||
## Changes since v7.10.0
|
||||
|
||||
- [#2615](https://github.com/oauth2-proxy/oauth2-proxy/pull/2615) feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (@bh-tt)
|
||||
- [#2605](https://github.com/oauth2-proxy/oauth2-proxy/pull/2605) fix: show login page on broken cookie (@Primexz)
|
||||
|
||||
# V7.10.0
|
||||
|
||||
|
|
|
|||
|
|
@ -633,12 +633,6 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
|
|||
// SignInPage writes the sign in template to the response
|
||||
func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
|
||||
prepareNoCache(rw)
|
||||
err := p.ClearSessionCookie(rw, req)
|
||||
if err != nil {
|
||||
logger.Printf("Error clearing session cookie: %v", err)
|
||||
p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
|
||||
return
|
||||
}
|
||||
rw.WriteHeader(code)
|
||||
|
||||
redirectURL, err := p.appDirector.GetRedirect(req)
|
||||
|
|
@ -652,6 +646,10 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
|||
redirectURL = "/"
|
||||
}
|
||||
|
||||
if err := p.ClearSessionCookie(rw, req); err != nil {
|
||||
logger.Printf("Error clearing session cookie: %v", err)
|
||||
}
|
||||
|
||||
p.pageWriter.WriteSignInPage(rw, req, redirectURL, code)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue