Merge pull request #662 from johejo/issue-661

Do not add Cache-Control header to response from auth only endpoint

CHANGELOG.md

@@ -17,6 +17,7 @@
 - [#577](https://github.com/oauth2-proxy/oauth2-proxy/pull/577) Move Cipher and Session Store initialisation out of Validation (@JoelSpeed)
 - [#635](https://github.com/oauth2-proxy/oauth2-proxy/pull/635) Support specifying alternative provider TLS trust source(s) (@k-wall)
 - [#649](https://github.com/oauth2-proxy/oauth2-proxy/pull/650) Resolve an issue where an empty healthcheck URL and ping-user-agent returns the healthcheck response (@jordancrawfordnz)
+- [#662](https://github.com/oauth2-proxy/oauth2-proxy/pull/662) Do not add Cache-Control header to response from auth only endpoint (@johejo)
 
 # v6.0.0
 

oauthproxy.go

@@ -679,7 +679,7 @@ func prepareNoCache(w http.ResponseWriter) {
 }
 
 func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	if strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
+	if req.URL.Path != p.AuthOnlyPath && strings.HasPrefix(req.URL.Path, p.ProxyPrefix) {
 		prepareNoCache(rw)
 	}
 

oauthproxy_test.go

@@ -1805,7 +1805,7 @@ func Test_prepareNoCache(t *testing.T) {
 	}
 }
 
-func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T) {
+func Test_noCacheHeaders(t *testing.T) {
 	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("upstream"))
 	}))
@@ -1820,17 +1820,68 @@ func Test_noCacheHeadersDoesNotExistsInResponseHeadersFromUpstream(t *testing.T)
 	})
 	assert.NoError(t, err)
 
-	rec := httptest.NewRecorder()
+	t.Run("not exist in response from upstream", func(t *testing.T) {
-	req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
+		rec := httptest.NewRecorder()
-	proxy.ServeHTTP(rec, req)
+		req := httptest.NewRequest(http.MethodGet, "/upstream", nil)
+		proxy.ServeHTTP(rec, req)
 
-	assert.Equal(t, http.StatusOK, rec.Code)
+		assert.Equal(t, http.StatusOK, rec.Code)
-	assert.Equal(t, "upstream", rec.Body.String())
+		assert.Equal(t, "upstream", rec.Body.String())
 
-	// checking noCacheHeaders does not exists in response headers from upstream
+		// checking noCacheHeaders does not exists in response headers from upstream
-	for k := range noCacheHeaders {
+		for k := range noCacheHeaders {
-		assert.Equal(t, "", rec.Header().Get(k))
+			assert.Equal(t, "", rec.Header().Get(k))
-	}
+		}
+	})
+
+	t.Run("has no-cache", func(t *testing.T) {
+		tests := []struct {
+			path       string
+			hasNoCache bool
+		}{
+			{
+				path:       "/oauth2/sign_in",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/sign_out",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/start",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/callback",
+				hasNoCache: true,
+			},
+			{
+				path:       "/oauth2/auth",
+				hasNoCache: false,
+			},
+			{
+				path:       "/oauth2/userinfo",
+				hasNoCache: true,
+			},
+			{
+				path:       "/upstream",
+				hasNoCache: false,
+			},
+		}
+
+		for _, tt := range tests {
+			t.Run(tt.path, func(t *testing.T) {
+				rec := httptest.NewRecorder()
+				req := httptest.NewRequest(http.MethodGet, tt.path, nil)
+				proxy.ServeHTTP(rec, req)
+				cacheControl := rec.Result().Header.Get("Cache-Control")
+				if tt.hasNoCache != (strings.Contains(cacheControl, "no-cache")) {
+					t.Errorf(`unexpected "Cache-Control" header: %s`, cacheControl)
+				}
+			})
+		}
+
+	})
 }
 
 func baseTestOptions() *options.Options {