Values of 'lax' and 'strict' can improve and mitigate
some categories of cross-site traffic tampering.
Given that the nature of this proxy is often to proxy
private tools, this is useful to take advantage of.
See: https://www.owasp.org/index.php/SameSite
* Added userinfo endpoint
* Added documentation for the userinfo endpoint
* Update oauthproxy.go
Co-Authored-By: Dan Bond <pm@danbond.io>
* Suggested fixes : Streaming json to rw , header set after error check
* Update oauthproxy.go
Co-Authored-By: Dan Bond <pm@danbond.io>
* fix session.Email
* Ported tests and updated changelog
* Remove shadowing of predeclared identifier: new.
* strings.ReplaceAll instead of strings.Replace with -1.
* Change strings.ToLower comparison to strings.EqualFold.
* Rewrite if-else-if-else chain as a switch.
alone
Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.
This change ensure that if a given header is sometimes set, it will
always be either set or removed.
It might be worth considerating always deleting these headers if we
didn't add them.
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.
* Fix tests for modified NewReverseProxy method.
* Added change to the changelog.
* Remove duplicate entries from changelog.
- Add `ping-path` option to enable switching on and passing to `logger.go`
Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence
Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
* fixes deletion of splitted cookies
* three minor adjustments to improve the tests
* changed cookie name matching to regex
* Update oauthproxy.go
Co-Authored-By: einfachchr <einfachchr@gmail.com>
* removed unused variable
* Changelog
* Added conditional to prevent user-supplied redirect URL getting
clobbered
Change-type: patch
* use redirectURL as OAuthCallbackURL (as it should be!)
Change-type: patch
* Access token forwarding through nginx auth request
Related to #420.
(cherry picked from commit b138872bea)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>
* Improved documentation for auth request token
(cherry picked from commit 6fab314f72)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>
* Update README.md
Example should set header as `X-Access-Token`
Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com>
* Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68
* Fix Changelog message location
Paul Groudas
Felix Fontein
Moraru Costel
Christian Groschupp
Konstantine
Kirill Motkov
Ian Hunter
Adam Eijdenberg
ferhat elmas
jansinger
Karl Skewes
Joel Speed
Henry Jenkins
Henry Jenkins
Brian Van Klaveren
Adam Eijdenberg
timothy-spencer
Mister Wil
MisterWil
Costel Moraru
gyson
Patrick Koenig
einfachchr
Adam Szalkowski
dt-rush
David Holsgrove