commit
c0160c1e4c
@ -8,6 +8,7 @@ import (
|
|||||||
"html/template"
|
"html/template"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
@ -244,8 +245,14 @@ func jwtDecodeSegment(seg string) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
|
func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
|
||||||
domain := strings.Split(req.Host, ":")[0]
|
domain := req.Host
|
||||||
if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) {
|
if h, _, err := net.SplitHostPort(domain); err == nil {
|
||||||
|
domain = h
|
||||||
|
}
|
||||||
|
if p.CookieDomain != "" {
|
||||||
|
if !strings.HasSuffix(domain, p.CookieDomain) {
|
||||||
|
log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
|
||||||
|
}
|
||||||
domain = p.CookieDomain
|
domain = p.CookieDomain
|
||||||
}
|
}
|
||||||
cookie := &http.Cookie{
|
cookie := &http.Cookie{
|
||||||
@ -253,16 +260,23 @@ func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
|
|||||||
Value: "",
|
Value: "",
|
||||||
Path: "/",
|
Path: "/",
|
||||||
Domain: domain,
|
Domain: domain,
|
||||||
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
|
|
||||||
HttpOnly: p.CookieHttpOnly,
|
HttpOnly: p.CookieHttpOnly,
|
||||||
|
Secure: p.CookieSecure,
|
||||||
|
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
|
||||||
}
|
}
|
||||||
http.SetCookie(rw, cookie)
|
http.SetCookie(rw, cookie)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) {
|
func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) {
|
||||||
|
|
||||||
domain := strings.Split(req.Host, ":")[0] // strip the port (if any)
|
domain := req.Host
|
||||||
if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) {
|
if h, _, err := net.SplitHostPort(domain); err == nil {
|
||||||
|
domain = h
|
||||||
|
}
|
||||||
|
if p.CookieDomain != "" {
|
||||||
|
if !strings.HasSuffix(domain, p.CookieDomain) {
|
||||||
|
log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
|
||||||
|
}
|
||||||
domain = p.CookieDomain
|
domain = p.CookieDomain
|
||||||
}
|
}
|
||||||
cookie := &http.Cookie{
|
cookie := &http.Cookie{
|
||||||
@ -444,11 +458,6 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
user, ok = p.CheckBasicAuth(req)
|
user, ok = p.CheckBasicAuth(req)
|
||||||
// if we want to promote basic auth requests to cookie'd requests, we could do that here
|
|
||||||
// not sure that would be ideal in all circumstances though
|
|
||||||
// if ok {
|
|
||||||
// p.SetCookie(rw, req, user)
|
|
||||||
// }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
|
Loading…
Reference in New Issue
Block a user