public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: use X-Forwarded-Uri if it exists for pathRegex match 

the functions `isApiPath` and `isAllowedPath` use the `req.URL.Path` property which leads to faulty behavior when behind a reverse proxy. The correct path can be inferred from the `X-Forwarded-Uri` header by making use of the already provided `requestutil.GetRequestURI` function.

Co-authored-by: Jan Wystub <jan@bam-bam-bam.com>
This commit is contained in:
Marius Zander 2023-06-14 17:49:08 +02:00 committed by Jan Wystub
parent 7b3a36b854
commit 7529095e1a
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
oauthproxy.go
View File

@ -554,7 +554,7 @@ func isAllowedMethod(req *http.Request, route allowedRoute) bool {
} }
func isAllowedPath(req *http.Request, route allowedRoute) bool { func isAllowedPath(req *http.Request, route allowedRoute) bool {
matches := route.pathRegex.MatchString(req.URL.Path) matches := route.pathRegex.MatchString(requestutil.GetRequestURI(req))
if route.negate { if route.negate {
return !matches return !matches
@ -575,7 +575,7 @@ func (p *OAuthProxy) isAllowedRoute(req *http.Request) bool {
func (p *OAuthProxy) isAPIPath(req *http.Request) bool { func (p *OAuthProxy) isAPIPath(req *http.Request) bool {
for _, route := range p.apiRoutes { for _, route := range p.apiRoutes {
if route.pathRegex.MatchString(req.URL.Path) { if route.pathRegex.MatchString(requestutil.GetRequestURI(req)) {
return true return true
} }
} }