Mirrors/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-03-21 21:09:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

forwardauth: Canonicalize header fields (fix #5038) (#5097)

Browse source
This commit is contained in:
Matt Holt 2022-10-04 23:37:01 -06:00 committed by GitHub
parent ea58d51907
commit 2153a81ec8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
View file

@ -38,29 +38,28 @@ func init() {
// configured for most™ auth gateways that support forward auth. The typical // configured for most™ auth gateways that support forward auth. The typical
// config which looks something like this: // config which looks something like this:
// //
// forward_auth auth-gateway:9091 { // forward_auth auth-gateway:9091 {
// uri /authenticate?redirect=https://auth.example.com // uri /authenticate?redirect=https://auth.example.com
// copy_headers Remote-User Remote-Email // copy_headers Remote-User Remote-Email
// } // }
// //
// is equivalent to a reverse_proxy directive like this: // is equivalent to a reverse_proxy directive like this:
// //
// reverse_proxy auth-gateway:9091 { // reverse_proxy auth-gateway:9091 {
// method GET // method GET
// rewrite /authenticate?redirect=https://auth.example.com // rewrite /authenticate?redirect=https://auth.example.com
// //
// header_up X-Forwarded-Method {method} // header_up X-Forwarded-Method {method}
// header_up X-Forwarded-Uri {uri} // header_up X-Forwarded-Uri {uri}
//
// @good status 2xx
// handle_response @good {
// request_header {
// Remote-User {http.reverse_proxy.header.Remote-User}
// Remote-Email {http.reverse_proxy.header.Remote-Email}
// }
// }
// }
// //
// @good status 2xx
// handle_response @good {
// request_header {
// Remote-User {http.reverse_proxy.header.Remote-User}
// Remote-Email {http.reverse_proxy.header.Remote-Email}
// }
// }
// }
func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
if !h.Next() { if !h.Next() {
return nil, h.ArgErr() return nil, h.ArgErr()
@ -196,9 +195,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
// need at least one handler in the routes for the response handling // need at least one handler in the routes for the response handling
// logic in reverse_proxy to not skip this entry as empty. // logic in reverse_proxy to not skip this entry as empty.
for from, to := range headersToCopy { for from, to := range headersToCopy {
handler.Request.Set[to] = []string{ handler.Request.Set.Set(to, "{http.reverse_proxy.header."+http.CanonicalHeaderKey(from)+"}")
"{http.reverse_proxy.header." + from + "}",
}
} }
goodResponseHandler.Routes = append( goodResponseHandler.Routes = append(