From d51556515e73ed6e3245cabf0e2c5196e62489ee Mon Sep 17 00:00:00 2001
From: Fabian Stelzer <fs@gigacodes.de>
Date: Mon, 9 Aug 2021 14:57:40 +0000
Subject: [PATCH] Introduce ProxyRawPath flag

Setting this flag will configure the upstream proxy to pass encoded urls
as-is.
---
 CHANGELOG.md                  | 1 +
 main_test.go                  | 1 +
 pkg/apis/options/upstreams.go | 4 ++++
 pkg/upstream/proxy.go         | 4 ++++
 4 files changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc1f773a..893f2922 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@
 - [#1317](https://github.com/oauth2-proxy/oauth2-proxy/pull/1317) Fix incorrect `</form>` tag on the sing_in page when *not* using a custom template (@jord1e)
 - [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori)
 - [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah)
+- [#997](https://github.com/oauth2-proxy/oauth2-proxy/pull/997) Allow passing the raw url path when proxying upstream requests - e.g. /%2F/ (@FStelzer)
 
 # V7.1.3
 
diff --git a/main_test.go b/main_test.go
index 7f7e1e3b..dc7dcb82 100644
--- a/main_test.go
+++ b/main_test.go
@@ -27,6 +27,7 @@ client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
 
 	const testAlphaConfig = `
 upstreams:
+  proxyrawpath: false
   configs:
   - id: /
     path: /
diff --git a/pkg/apis/options/upstreams.go b/pkg/apis/options/upstreams.go
index 368da3ed..4e1a0547 100644
--- a/pkg/apis/options/upstreams.go
+++ b/pkg/apis/options/upstreams.go
@@ -9,6 +9,10 @@ const (
 
 // Upstreams is a collection of definitions for upstream servers.
 type Upstreams struct {
+	// ProxyRawPath will pass the raw url path to upstream allowing for url's
+	// like: "/%2F/" which would otherwise be redirected to "/"
+	ProxyRawPath bool `json:"proxyRawPath,omitempty"`
+
 	// Upstream represents the configuration for an upstream server.
 	// Requests will be proxied to this upstream if the path matches the request path.
 	Configs []Upstream `json:"configs,omitempty"`
diff --git a/pkg/upstream/proxy.go b/pkg/upstream/proxy.go
index a7e19b63..27bd5229 100644
--- a/pkg/upstream/proxy.go
+++ b/pkg/upstream/proxy.go
@@ -27,6 +27,10 @@ func NewProxy(upstreams options.Upstreams, sigData *options.SignatureData, write
 		serveMux: mux.NewRouter(),
 	}
 
+	if upstreams.ProxyRawPath {
+		m.serveMux.UseEncodedPath()
+	}
+
 	for _, upstream := range sortByPathLongest(upstreams.Configs) {
 		if upstream.Static {
 			if err := m.registerStaticResponseHandler(upstream, writer); err != nil {