summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy
diff options
context:
space:
mode:
authorFrancis Lavoie <lavofr@gmail.com>2022-06-28 21:23:30 -0400
committerGitHub <noreply@github.com>2022-06-28 19:23:30 -0600
commit58e05cab155643c6543892855f373ea8755eb094 (patch)
treeaf5fcc1522875bd051ccc95812d15e088479a541 /modules/caddyhttp/reverseproxy
parent10f85558ead15e119f8e9abd81c8ad55eb865f8b (diff)
forwardauth: Fix case when `copy_headers` is omitted (#4856)
See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
Diffstat (limited to 'modules/caddyhttp/reverseproxy')
-rw-r--r--modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go46
1 files changed, 24 insertions, 22 deletions
diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
index 8230216..a0b1f42 100644
--- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
@@ -185,32 +185,34 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
},
Routes: []caddyhttp.Route{},
}
- if len(headersToCopy) > 0 {
- handler := &headers.Handler{
- Request: &headers.HeaderOps{
- Set: http.Header{},
- },
- }
- for from, to := range headersToCopy {
- handler.Request.Set[to] = []string{
- "{http.reverse_proxy.header." + from + "}",
- }
- }
+ handler := &headers.Handler{
+ Request: &headers.HeaderOps{
+ Set: http.Header{},
+ },
+ }
- goodResponseHandler.Routes = append(
- goodResponseHandler.Routes,
- caddyhttp.Route{
- HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(
- handler,
- "handler",
- "headers",
- nil,
- )},
- },
- )
+ // the list of headers to copy may be empty, but that's okay; we
+ // need at least one handler in the routes for the response handling
+ // logic in reverse_proxy to not skip this entry as empty.
+ for from, to := range headersToCopy {
+ handler.Request.Set[to] = []string{
+ "{http.reverse_proxy.header." + from + "}",
+ }
}
+ goodResponseHandler.Routes = append(
+ goodResponseHandler.Routes,
+ caddyhttp.Route{
+ HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(
+ handler,
+ "handler",
+ "headers",
+ nil,
+ )},
+ },
+ )
+
// note that when a response has any other status than 2xx, then we
// use the reverse proxy's default behaviour of copying the response
// back to the client, so we don't need to explicitly add a response