Introduce ProxyRawPath flag

Setting this flag will configure the upstream proxy to pass encoded urls
as-is.

CHANGELOG.md

@@ -35,6 +35,7 @@
 - [#1317](https://github.com/oauth2-proxy/oauth2-proxy/pull/1317) Fix incorrect `</form>` tag on the sing_in page when *not* using a custom template (@jord1e)
 - [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori)
 - [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah)
+- [#997](https://github.com/oauth2-proxy/oauth2-proxy/pull/997) Allow passing the raw url path when proxying upstream requests - e.g. /%2F/ (@FStelzer)
 
 # V7.1.3
 

main_test.go

@@ -27,6 +27,7 @@ client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
 
 	const testAlphaConfig = `
 upstreams:
+  proxyrawpath: false
   configs:
   - id: /
     path: /

pkg/apis/options/upstreams.go

@@ -9,6 +9,10 @@ const (
 
 // Upstreams is a collection of definitions for upstream servers.
 type Upstreams struct {
+	// ProxyRawPath will pass the raw url path to upstream allowing for url's
+	// like: "/%2F/" which would otherwise be redirected to "/"
+	ProxyRawPath bool `json:"proxyRawPath,omitempty"`
+
 	// Upstream represents the configuration for an upstream server.
 	// Requests will be proxied to this upstream if the path matches the request path.
 	Configs []Upstream `json:"configs,omitempty"`

pkg/upstream/proxy.go

@@ -27,6 +27,10 @@ func NewProxy(upstreams options.Upstreams, sigData *options.SignatureData, write
 		serveMux: mux.NewRouter(),
 	}
 
+	if upstreams.ProxyRawPath {
+		m.serveMux.UseEncodedPath()
+	}
+
 	for _, upstream := range sortByPathLongest(upstreams.Configs) {
 		if upstream.Static {
 			if err := m.registerStaticResponseHandler(upstream, writer); err != nil {