go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Code Issues Releases Activity

fix: use X-Forwarded-Uri if it exists for pathRegex match

Browse Source 
the functions `isApiPath` and `isAllowedPath` use the `req.URL.Path` property which leads to faulty behavior when behind a reverse proxy. The correct path can be inferred from the `X-Forwarded-Uri` header by making use of the already provided `requestutil.GetRequestURI` function.

Co-authored-by: Jan Wystub <jan@bam-bam-bam.com>
This commit is contained in:
Marius Zander 2023-06-14 17:49:08 +02:00 committed by Jan Wystub
parent 7b3a36b854
commit 7529095e1a
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
oauthproxy.go
View File

@ -554,7 +554,7 @@ func isAllowedMethod(req *http.Request, route allowedRoute) bool {
}
func isAllowedPath(req *http.Request, route allowedRoute) bool {
matches := route.pathRegex.MatchString(req.URL.Path)
matches := route.pathRegex.MatchString(requestutil.GetRequestURI(req))
if route.negate {
return !matches
@ -575,7 +575,7 @@ func (p *OAuthProxy) isAllowedRoute(req *http.Request) bool {
func (p *OAuthProxy) isAPIPath(req *http.Request) bool {
for _, route := range p.apiRoutes {
if route.pathRegex.MatchString(req.URL.Path) {
if route.pathRegex.MatchString(requestutil.GetRequestURI(req)) {
return true
}
}