From a209a52df1e8462796918392308a56f5b5d959ff Mon Sep 17 00:00:00 2001
From: Ian Hunter
Date: Sat, 17 Aug 2019 15:50:37 -0500
Subject: [PATCH 1/2] More fully support X-Auth-Request-Redirect header Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored This fixes that.
---
 docs/configuration/configuration.md | 2 ++
 oauthproxy.go | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
index 05cc2998..8a182ddb 100644
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -247,6 +247,8 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Scheme $scheme;
 proxy_set_header X-Auth-Request-Redirect $request_uri;
+ # or, if you are handling multiple domains:
+ # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
 }
 location = /oauth2/auth {
 proxy_pass http://127.0.0.1:4180;
diff --git a/oauthproxy.go b/oauthproxy.go
index 2418e736..5af2e9cb 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -480,7 +480,10 @@ func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
 return
 }
- redirect = req.Form.Get("rd")
+ redirect = req.Header.Get("X-Auth-Request-Redirect")
+ if req.Form.Get("rd") != "" {
+ redirect = req.Form.Get("rd")
+ }
 if !p.IsValidRedirect(redirect) {
 redirect = req.URL.Path
 if strings.HasPrefix(redirect, p.ProxyPrefix) {
From 18a77e66180161112d1eec7326304a849e552a17 Mon Sep 17 00:00:00 2001
From: Ian Hunter
Date: Thu, 19 Sep 2019 11:26:13 -0500
Subject: [PATCH 2/2] Reflect #248 PR in CHANGELOG.md
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44cd0cf6..7a0feb86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
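Review bot: The `X-Auth-Request-Redirect` value that `GetRedirect` now reads in the `oauthproxy.go` hunk is request-controlled, since any client can send it when no front end overwrites the header, so it has to be treated as untrusted exactly like `rd`. The visible lines do pass both through `p.IsValidRedirect`, which makes that check the only gate against an open redirect; a comment above the assignment such as `// header and rd are both request-controlled; IsValidRedirect below is the only gate` would keep a later edit from returning the header value early. `req.Form.Get("rd")` is also evaluated twice, and `if rd := req.Form.Get("rd"); rd != "" { redirect = rd }` reads it once and makes the precedence of `rd` over the header explicit. An invalid `rd` currently discards a valid header value and falls back to `req.URL.Path`; if that is intended, a test for header-only, rd-only and both-set requests would pin it. The body of `GetRedirect` starts and ends outside the hunk.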
@@ -4,6 +4,8 @@ # v4.0.0 +- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored + ## Release Highlights - Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/) - Health check logging can now be disabled for quieter logs