More fully support X-Auth-Request-Redirect header

Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored
This fixes that.
This commit is contained in:
Ian Hunter 2019-08-17 15:50:37 -05:00
parent d00c14a2a7
commit a209a52df1
2 changed files with 6 additions and 1 deletions

View File

@ -247,6 +247,8 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
# or, if you are handling multiple domains:
# proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
}
location = /oauth2/auth {
proxy_pass http://127.0.0.1:4180;

View File

@ -480,7 +480,10 @@ func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
return
}
redirect = req.Header.Get("X-Auth-Request-Redirect")
if req.Form.Get("rd") != "" {
redirect = req.Form.Get("rd")
}
if !p.IsValidRedirect(redirect) {
redirect = req.URL.Path
if strings.HasPrefix(redirect, p.ProxyPrefix) {