mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00

Use StatusForbidden to prevent infinite redirects

Nick Meves
2020-11-17 19:03:41 -08:00
parent 23b2355f85
commit 44d83e5f95
2 changed files with 18 additions and 22 deletions


@ -930,14 +930,14 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
func (p *OAuthProxy) AuthOnly(rw http.ResponseWriter, req *http.Request) {
session, err := p.getAuthenticatedSession(rw, req)
if err != nil {
http.Error(rw, "unauthorized request", http.StatusUnauthorized)
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
// Allow secondary group restrictions based on the `allowed_group` or
// `allowed_groups` querystring parameter
if !checkAllowedGroups(req, session) {
http.Error(rw, "unauthorized request", http.StatusUnauthorized)
http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}