Merge pull request #34 from marratj/cookie-separator
Change cookie index separator to underscore
This commit is contained in:
commit
fb13ee87c8
35
README.md
35
README.md
@ -427,12 +427,47 @@ server {
|
|||||||
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||||
add_header Set-Cookie $auth_cookie;
|
add_header Set-Cookie $auth_cookie;
|
||||||
|
|
||||||
|
# When using the --set-authorization flag, some provider's cookies can exceed the 4kb
|
||||||
|
# limit and so the OAuth2 Proxy splits these into multiple parts.
|
||||||
|
# Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
|
||||||
|
# so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
|
||||||
|
auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;
|
||||||
|
|
||||||
|
# Extract the Cookie attributes from the first Set-Cookie header and append them
|
||||||
|
# to the second part ($upstream_cookie_* variables only contain the raw cookie content)
|
||||||
|
if ($auth_cookie ~* "(; .*)") {
|
||||||
|
set $auth_cookie_name_0 $auth_cookie;
|
||||||
|
set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Send both Set-Cookie headers now if there was a second part
|
||||||
|
if ($auth_cookie_name_upstream_1) {
|
||||||
|
add_header Set-Cookie $auth_cookie_name_0;
|
||||||
|
add_header Set-Cookie $auth_cookie_name_1;
|
||||||
|
}
|
||||||
|
|
||||||
proxy_pass http://backend/;
|
proxy_pass http://backend/;
|
||||||
# or "root /path/to/site;" or "fastcgi_pass ..." etc
|
# or "root /path/to/site;" or "fastcgi_pass ..." etc
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you use ingress-nginx in Kubernetes (which includes the Lua module), you also can use the following configuration snippet for your Ingress:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$request_uri
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
auth_request_set $name_upstream_1 $upstream_cookie_name_1;
|
||||||
|
|
||||||
|
access_by_lua_block {
|
||||||
|
if ngx.var.name_upstream_1 ~= "" then
|
||||||
|
ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
|
||||||
|
end
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
Please see our [Contributing](CONTRIBUTING.md) guidelines.
|
Please see our [Contributing](CONTRIBUTING.md) guidelines.
|
||||||
|
@ -331,7 +331,7 @@ func splitCookie(c *http.Cookie) []*http.Cookie {
|
|||||||
count := 0
|
count := 0
|
||||||
for len(valueBytes) > 0 {
|
for len(valueBytes) > 0 {
|
||||||
new := copyCookie(c)
|
new := copyCookie(c)
|
||||||
new.Name = fmt.Sprintf("%s-%d", c.Name, count)
|
new.Name = fmt.Sprintf("%s_%d", c.Name, count)
|
||||||
count++
|
count++
|
||||||
if len(valueBytes) < maxCookieLength {
|
if len(valueBytes) < maxCookieLength {
|
||||||
new.Value = string(valueBytes)
|
new.Value = string(valueBytes)
|
||||||
@ -359,7 +359,7 @@ func joinCookies(cookies []*http.Cookie) (*http.Cookie, error) {
|
|||||||
for i := 1; i < len(cookies); i++ {
|
for i := 1; i < len(cookies); i++ {
|
||||||
c.Value += cookies[i].Value
|
c.Value += cookies[i].Value
|
||||||
}
|
}
|
||||||
c.Name = strings.TrimRight(c.Name, "-0")
|
c.Name = strings.TrimRight(c.Name, "_0")
|
||||||
return c, nil
|
return c, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -376,7 +376,7 @@ func loadCookie(req *http.Request, cookieName string) (*http.Cookie, error) {
|
|||||||
count := 0
|
count := 0
|
||||||
for err == nil {
|
for err == nil {
|
||||||
var c *http.Cookie
|
var c *http.Cookie
|
||||||
c, err = req.Cookie(fmt.Sprintf("%s-%d", cookieName, count))
|
c, err = req.Cookie(fmt.Sprintf("%s_%d", cookieName, count))
|
||||||
if err == nil {
|
if err == nil {
|
||||||
cookies = append(cookies, c)
|
cookies = append(cookies, c)
|
||||||
count++
|
count++
|
||||||
|
Loading…
Reference in New Issue
Block a user