public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

More fully support X-Auth-Request-Redirect header 

Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored
This fixes that.
This commit is contained in:
Ian Hunter 2019-08-17 15:50:37 -05:00
parent d00c14a2a7
commit a209a52df1
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuration/configuration.md
View File

@ -247,6 +247,8 @@ server {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme; proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri; proxy_set_header X-Auth-Request-Redirect $request_uri;
# or, if you are handling multiple domains:
# proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
} }
location = /oauth2/auth { location = /oauth2/auth {
proxy_pass http://127.0.0.1:4180; proxy_pass http://127.0.0.1:4180;

3
oauthproxy.go
View File

@ -480,7 +480,10 @@ func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
return return
} }
redirect = req.Header.Get("X-Auth-Request-Redirect")
if req.Form.Get("rd") != "" {
redirect = req.Form.Get("rd") redirect = req.Form.Get("rd")
}
if !p.IsValidRedirect(redirect) { if !p.IsValidRedirect(redirect) {
redirect = req.URL.Path redirect = req.URL.Path
if strings.HasPrefix(redirect, p.ProxyPrefix) { if strings.HasPrefix(redirect, p.ProxyPrefix) {