From 4c1047866b79f896bc9382b84af95fa88c5b75bd Mon Sep 17 00:00:00 2001
From: Mitsuo Heijo
Date: Mon, 6 Jul 2020 19:04:31 +0900
Subject: [PATCH 1/2] fix: do not add Cache-Control header to response from auth only endpoint
fix #661 related #453
---
 oauthproxy.go | 2 +-
 oauthproxy_test.go | 71 +++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 62 insertions(+), 11 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index f09c97d8..d6c4bce1 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -679,7 +679,7 @@ func prepareNoCache(w http.ResponseWriter) {
 }
 func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
- if strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
+ if req.URL.Path != p.AuthOnlyPath && strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
 prepareNoCache(rw)
 }
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index cd7e8e53..959cd538 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -1805,7 +1805,7 @@ func Test_prepareNoCache(t *testing.T) {
 }
 }
-func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T) {
+func Test_noCacheHeaders(t *testing.T) {
 upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.Write([]byte("upstream"))
 }))
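Review bot: In `ServeHTTP` (oauthproxy.go), the new `req.URL.Path != p.AuthOnlyPath` exemption leaves the auth-only response with no cache directive at all, and nothing at the condition says why or what a cache in front of it must do. If that response carries per-user data (identity headers or a session cookie; not visible in this hunk), a shared cache that does not key on the session credential could serve one user's allow decision to another. I would document the intent on the condition, e.g. `// AuthOnlyPath is exempt so a fronting proxy can cache the auth subrequest; that cache must key on the session cookie or Authorization header.` The comparison is an exact string match, so variants such as a trailing slash keep the no-cache headers, which fails safe. ServeHTTP's body continues outside the hunk.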
@@ -1820,17 +1820,68 @@ func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T)
 })
 assert.NoError(t, err)
- rec := httptest.NewRecorder()
- req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
- proxy.ServeHTTP(rec, req)
+ t.Run("not exist in response from upstream", func(t *testing.T) {
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
+ proxy.ServeHTTP(rec, req)
- assert.Equal(t, http.StatusOK, rec.Code)
- assert.Equal(t, "upstream", rec.Body.String())
+ assert.Equal(t, http.StatusOK, rec.Code)
+ assert.Equal(t, "upstream", rec.Body.String())
- // checking noCacheHeaders does not exists in response headers from upstream
- for k := range noCacheHeaders {
- assert.Equal(t, "", rec.Header().Get(k))
- }
+ // checking noCacheHeaders does not exists in response headers from upstream
+ for k := range noCacheHeaders {
+ assert.Equal(t, "", rec.Header().Get(k))
+ }
+ })
+
+ t.Run("has no-cache", func(t *testing.T) {
+ tests := []struct {
+ path string
+ hasNoCache bool
+ }{
+ {
+ path: "/oauth2/sign_in",
+ hasNoCache: true,
+ },
+ {
+ path: "/oauth2/sign_out",
+ hasNoCache: true,
+ },
+ {
+ path: "/oauth2/start",
+ hasNoCache: true,
+ },
+ {
+ path: "/oauth2/callback",
+ hasNoCache: true,
+ },
+ {
+ path: "/oauth2/auth",
+ hasNoCache: false,
+ },
+ {
+ path: "/oauth2/userinfo",
+ hasNoCache: true,
+ },
+ {
+ path: "/upstream",
+ hasNoCache: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.path, func(t *testing.T) {
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, tt.path, nil)
+ proxy.ServeHTTP(rec, req)
+ cacheControl := rec.Result().Header.Get("Cache-Control")
+ if tt.hasNoCache != (strings.Contains(cacheControl, "no-cache")) {
+ t.Errorf(`unexpected "Cache-Control" header: %s`, cacheControl)
+ }
+ })
+ }
+
+ })
 }
 func baseTestOptions() *options.Options {
From 97ab3fa0059397e8003bb9b8a24c0fdd44242d14 Mon Sep 17 00:00:00 2001
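Review bot: The `has no-cache` table in `Test_noCacheHeaders` asserts only on `Cache-Control`, so a regression that leaves the other `noCacheHeaders` keys on the `/oauth2/auth` response, or drops them from the sign-in and callback responses, would still pass. The first subtest already ranges over `noCacheHeaders`; the table could do the same, e.g. `for k := range noCacheHeaders { assert.Equal(t, tt.hasNoCache, rec.Header().Get(k) != "", k) }`, assuming every value in that map is non-empty. The paths are hard-coded to `/oauth2/...`, which presumably matches the prefix in the options built above the hunk; the test function starts outside the hunk.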
From: Mitsuo Heijo
Date: Mon, 6 Jul 2020 19:09:02 +0900
Subject: [PATCH 2/2] update CHANGELOG
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e2040a6..e2da49ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@
 - [#577](https://github.com/oauth2-proxy/oauth2-proxy/pull/577) Move Cipher and Session Store initialisation out of Validation (@JoelSpeed)
 - [#635](https://github.com/oauth2-proxy/oauth2-proxy/pull/635) Support specifying alternative provider TLS trust source(s) (@k-wall)
 - [#649](https://github.com/oauth2-proxy/oauth2-proxy/pull/650) Resolve an issue where an empty healthcheck URL and ping-user-agent returns the healthcheck response (@jordancrawfordnz)
+- [#662](https://github.com/oauth2-proxy/oauth2-proxy/pull/662) Do not add Cache-Control header to response from auth only endpoint (@johejo)
 # v6.0.0