* The `X-Forwarded-Uri` was required to bypass authentication
- Fix the `skip_auth_routes` option not working in Nginx
* Add tests for allowed requests with proxied `X-Forwarded-Uri` header
* Avoid nginx startup failure: host not found in upstream "oauth2-proxy"
* The `--reverse-proxy` option is required for nginx
* Update the change logs
* Use the authOnlyPath constant
* Remove the unused header `X-Scheme`
* add azure china support
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
* update changelog
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
* fix lint
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
---------
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Added a checkbox for tested changes to PR template
* Update PULL_REQUEST_TEMPLATE.md
* Update .github/PULL_REQUEST_TEMPLATE.md
Co-authored-by: Jan Larwig <jan@larwig.com>
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add support for unix socket as upstream
* Add CHANGELOG.md entry
* Add Unix socket documentation
* Don't export unixRoundTripper, switch from string prefix to Scheme match
* Add basic unix server mock
* Add some tests and comments
* adding append option for custom CA certs
* updated test for changed GetCertPool signature, added testing to check functionality of empty and non-empty store
* adding legacy options as well
* update associated documentation
* fixing code climate complaints - reduce number of return statements
* Apply suggestions from code review
Changes caFilesAppend (and variants) to useSystemTrustStore
Co-authored-by: Jan Larwig <jan@larwig.com>
* Apply suggestions from code review
Fixes extra whitespaces and grammar.
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
* fix indentation
* update changelog
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Update changelog for v7.5.1 release
* Create versioned docs for release v7.5.x
Created using: yarn run docusaurus docs:version 7.5.x
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Embedding css and webfont dependencies allows the application to present
itself correctly in an environment that does not allow downloading the
files from a cdn.
Inspiration taken from #1492 but reworked to make use of embed.FS
simplifying the approach.
* Validate jsonpath in claim extractor
Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>
* Add test and changelog for claim extractor json path
---------
Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
the functions `isApiPath` and `isAllowedPath` use the `req.URL.Path` property which leads to faulty behavior when behind a reverse proxy. The correct path can be inferred from the `X-Forwarded-Uri` header by making use of the already provided `requestutil.GetRequestURI` function.
Co-authored-by: Jan Wystub <jan@bam-bam-bam.com>
