public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Allow parsing remote address headers over unix sockets 

When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.

Signed-off-by: Josef Johansson <josef@oderland.se>
This commit is contained in:
Josef Johansson 2024-02-25 12:29:20 +01:00 committed by Josef Johansson
parent e00c7a7edd
commit bc8e7162db
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
oauthproxy.go
View File

@ -606,7 +606,9 @@ func (p *OAuthProxy) isAPIPath(req *http.Request) bool {
// isTrustedIP is used to check if a request comes from a trusted client IP address. // isTrustedIP is used to check if a request comes from a trusted client IP address.
func (p *OAuthProxy) isTrustedIP(req *http.Request) bool { func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
if p.trustedIPs == nil { // RemoteAddr @ means unix socket
// https://github.com/golang/go/blob/0fa53e41f122b1661d0678a6d36d71b7b5ad031d/src/syscall/syscall_linux.go#L506-L511
if p.trustedIPs == nil && req.RemoteAddr != "@" {
return false return false
} }