fix: do not add Cache-Control header to response from auth only endpoint

fix #661 related #453
2025-03-23 21:50:48 +02:00 · 2020-07-06 19:04:31 +09:00 · 2020-07-06 19:04:31 +09:00 · 4c1047866b
commit 4c1047866b
parent 215aeec8b9
2 changed files with 62 additions and 11 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -679,7 +679,7 @@ func prepareNoCache(w http.ResponseWriter) {
 }

 func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	if strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
+	if req.URL.Path != p.AuthOnlyPath && strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
 		prepareNoCache(rw)
 	}

--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@ -1805,7 +1805,7 @@ func Test_prepareNoCache(t *testing.T) {
 	}
 }

-func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T) {
+func Test_noCacheHeaders(t *testing.T) {
 	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("upstream"))
 	}))
@ -1820,17 +1820,68 @@ func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T)
 	})
 	assert.NoError(t, err)

-	rec := httptest.NewRecorder()
-	req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
-	proxy.ServeHTTP(rec, req)
+	t.Run("not exist in response from upstream", func(t *testing.T) {
+		rec := httptest.NewRecorder()
+		req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
+		proxy.ServeHTTP(rec, req)

-	assert.Equal(t, http.StatusOK, rec.Code)
-	assert.Equal(t, "upstream", rec.Body.String())
+		assert.Equal(t, http.StatusOK, rec.Code)
+		assert.Equal(t, "upstream", rec.Body.String())

-	// checking noCacheHeaders does not exists in response headers from upstream
-	for k := range noCacheHeaders {
-		assert.Equal(t, "", rec.Header().Get(k))
-	}
+		// checking noCacheHeaders does not exists in response headers from upstream
+		for k := range noCacheHeaders {
+			assert.Equal(t, "", rec.Header().Get(k))
+		}
+	})
+
+	t.Run("has no-cache", func(t *testing.T) {
+		tests := []struct {
+			path       string
+			hasNoCache bool
+		}{
+			{
+				path:       "/oauth2/sign_in",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/sign_out",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/start",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/callback",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/auth",
+				hasNoCache: false,
+			},
+			{
+				path:       "/oauth2/userinfo",
+				hasNoCache: true,
+			},
+			{
+				path:       "/upstream",
+				hasNoCache: false,
+			},
+		}
+
+		for _, tt := range tests {
+			t.Run(tt.path, func(t *testing.T) {
+				rec := httptest.NewRecorder()
+				req := httptest.NewRequest(http.MethodGet, tt.path, nil)
+				proxy.ServeHTTP(rec, req)
+				cacheControl := rec.Result().Header.Get("Cache-Control")
+				if tt.hasNoCache != (strings.Contains(cacheControl, "no-cache")) {
+					t.Errorf(`unexpected "Cache-Control" header: %s`, cacheControl)
+				}
+			})
+		}
+
+	})
 }

 func baseTestOptions() *options.Options {