Merge commit from fork

Signed-off-by: Jan Larwig <jan@larwig.com>
2025-12-21 23:57:36 +02:00 · 2025-11-08 12:52:31 +01:00
parent 5993067505
commit f3f30fa976
4 changed files with 40 additions and 1 deletions
--- a/pkg/middleware/headers_test.go
+++ b/pkg/middleware/headers_test.go
@@ -205,7 +205,7 @@ var _ = Describe("Headers Suite", func() {
 			expectedHeaders: nil,
 			expectedErr:     "error building request header injector: error building request injector: error building injector for header \"X-Auth-Request-Authorization\": error loading basicAuthPassword: secret source is invalid: exactly one entry required, specify either value, fromEnv or fromFile",
 		}),
-		Entry("strips normalized variants before injecting (no preservation)", headersTableInput{
+		Entry("strips normalized variants before injecting", headersTableInput{
 			headers: []options.Header{
 				{
 					Name: "X-Auth-Request-User",
@@ -226,6 +226,29 @@ var _ = Describe("Headers Suite", func() {
 			},
 			expectedErr: "",
 		}),
+		Entry("doesn't strip normalized variants before injecting", headersTableInput{
+			headers: []options.Header{
+				{
+					Name:                            "X-Auth-Request-User",
+					InsecureSkipHeaderNormalization: true,
+					Values: []options.HeaderValue{
+						{
+							ClaimSource: &options.ClaimSource{Claim: "user"},
+						},
+					},
+				},
+			},
+			initialHeaders: http.Header{
+				"X-Auth-Request-User": []string{"old"},
+				"X-Auth_Request_User": []string{"evil"},
+			},
+			session: &sessionsapi.SessionState{User: "user-123"},
+			expectedHeaders: http.Header{
+				"X-Auth-Request-User": []string{"user-123"},
+				"X-Auth_Request_User": []string{"evil"},
+			},
+			expectedErr: "",
+		}),
 	)

 	DescribeTable("the response header injector",