From a209a52df1e8462796918392308a56f5b5d959ff Mon Sep 17 00:00:00 2001 From: Ian Hunter Date: Sat, 17 Aug 2019 15:50:37 -0500 Subject: [PATCH] More fully support X-Auth-Request-Redirect header Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored This fixes that. --- docs/configuration/configuration.md | 2 ++ oauthproxy.go | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index 05cc299..8a182dd 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md @@ -247,6 +247,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; + # or, if you are handling multiple domains: + # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; diff --git a/oauthproxy.go b/oauthproxy.go index 2418e73..5af2e9c 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -480,7 +480,10 @@ func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error) return } - redirect = req.Form.Get("rd") + redirect = req.Header.Get("X-Auth-Request-Redirect") + if req.Form.Get("rd") != "" { + redirect = req.Form.Get("rd") + } if !p.IsValidRedirect(redirect) { redirect = req.URL.Path if strings.HasPrefix(redirect, p.ProxyPrefix) {