go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Code Issues Releases Activity

Ensure redirect URI always has a scheme

Browse Source
This commit is contained in:
Joel Speed
2021-02-14 11:38:20 +00:00
committed by Joel Speed
parent f3209a40e1
commit 9dbd5f5afd
3 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/validation/options.go
View File

@ -30,6 +30,8 @@ func Validate(o *options.Options) error {
msgs = append(msgs, validateRedisSessionStore(o)...)
msgs = append(msgs, prefixValues("injectRequestHeaders: ", validateHeaders(o.InjectRequestHeaders)...)...)
msgs = append(msgs, prefixValues("injectResponseHeaders: ", validateHeaders(o.InjectResponseHeaders)...)...)
msgs = parseSignatureKey(o, msgs)
msgs = configureLogger(o.Logging, msgs)
if o.SSLInsecureSkipVerify {
// InsecureSkipVerify is a configurable option we allow
@ -175,6 +177,9 @@ func Validate(o *options.Options) error {
var redirectURL *url.URL
redirectURL, msgs = parseURL(o.RawRedirectURL, "redirect", msgs)
o.SetRedirectURL(redirectURL)
if o.RawRedirectURL == "" && !o.Cookie.Secure && !o.ReverseProxy {
logger.Print("WARNING: no explicit redirect URL: redirects will default to insecure HTTP")
}
msgs = append(msgs, validateUpstreams(o.UpstreamServers)...)
msgs = parseProviderInfo(o, msgs)
@ -191,9 +196,6 @@ func Validate(o *options.Options) error {
}
}
msgs = parseSignatureKey(o, msgs)
msgs = configureLogger(o.Logging, msgs)
if o.ReverseProxy {
parser, err := ip.GetRealClientIPParser(o.RealClientIPHeader)
if err != nil {