From 581475feec9af2e923baf4d439e5ed8ff52423f3 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Mon, 13 Apr 2020 14:54:53 +0100 Subject: [PATCH] Set-Basic-Auth should default to false --- CHANGELOG.md | 1 + docs/configuration/configuration.md | 2 +- main.go | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a4bf5ed..881d7101 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ - [#412](https://github.com/pusher/oauth2_proxy/pull/412) Allow multiple cookie domains to be specified (@edahlseng) - [#413](https://github.com/oauth2-proxy/oauth2-proxy/pull/413) Add -set-basic-auth param to set the Basic Authorization header for upstreams (@morarucostel). - [#483](https://github.com/oauth2-proxy/oauth2-proxy/pull/483) Warn users when session cookies are split (@JoelSpeed) +- [#488](https://github.com/oauth2-proxy/oauth2-proxy/pull/488) Set-Basic-Auth should default to false (@JoelSpeed) # v5.1.0 diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index 0413adec..8f9539fc 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md @@ -103,7 +103,7 @@ An example [oauth2-proxy.cfg]({{ site.gitweb }}/contrib/oauth2-proxy.cfg.example | `-session-store-type` | string | [Session data storage backend](configuration/sessions); redis or cookie | cookie | | `-set-xauthrequest` | bool | set X-Auth-Request-User, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode) | false | | `-set-authorization-header` | bool | set Authorization Bearer response header (useful in Nginx auth_request mode) | false | -| `-set-basic-auth` | bool | set HTTP Basic Auth information in response (useful in Nginx auth_request mode) | true | +| `-set-basic-auth` | bool | set HTTP Basic Auth information in response (useful in Nginx auth_request mode) | false | | `-signature-key` | string | GAP-Signature request signature key (algorithm:secretkey) | | | `-silence-ping-logging` | bool | disable logging of requests to ping endpoint | false | | `-skip-auth-preflight` | bool | will skip authentication for OPTIONS requests | false | diff --git a/main.go b/main.go index 2d1045eb..b1e67205 100644 --- a/main.go +++ b/main.go @@ -44,7 +44,7 @@ func main() { flagSet.Bool("set-xauthrequest", false, "set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)") flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path") flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream") - flagSet.Bool("set-basic-auth", true, "set HTTP Basic Auth information in response (useful in Nginx auth_request mode)") + flagSet.Bool("set-basic-auth", false, "set HTTP Basic Auth information in response (useful in Nginx auth_request mode)") flagSet.Bool("prefer-email-to-user", false, "Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, eg. htaccess authentication. Used in conjunction with -pass-basic-auth and -pass-user-headers") flagSet.Bool("pass-user-headers", true, "pass X-Forwarded-User and X-Forwarded-Email information to upstream") flagSet.String("basic-auth-password", "", "the password to set when passing the HTTP Basic Auth header")