diff options
author | Francis Lavoie <lavofr@gmail.com> | 2022-06-28 21:23:30 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-28 19:23:30 -0600 |
commit | 58e05cab155643c6543892855f373ea8755eb094 (patch) | |
tree | af5fcc1522875bd051ccc95812d15e088479a541 /modules/caddyhttp | |
parent | 10f85558ead15e119f8e9abd81c8ad55eb865f8b (diff) |
forwardauth: Fix case when `copy_headers` is omitted (#4856)
See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index 8230216..a0b1f42 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -185,32 +185,34 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) }, Routes: []caddyhttp.Route{}, } - if len(headersToCopy) > 0 { - handler := &headers.Handler{ - Request: &headers.HeaderOps{ - Set: http.Header{}, - }, - } - for from, to := range headersToCopy { - handler.Request.Set[to] = []string{ - "{http.reverse_proxy.header." + from + "}", - } - } + handler := &headers.Handler{ + Request: &headers.HeaderOps{ + Set: http.Header{}, + }, + } - goodResponseHandler.Routes = append( - goodResponseHandler.Routes, - caddyhttp.Route{ - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( - handler, - "handler", - "headers", - nil, - )}, - }, - ) + // the list of headers to copy may be empty, but that's okay; we + // need at least one handler in the routes for the response handling + // logic in reverse_proxy to not skip this entry as empty. + for from, to := range headersToCopy { + handler.Request.Set[to] = []string{ + "{http.reverse_proxy.header." + from + "}", + } } + goodResponseHandler.Routes = append( + goodResponseHandler.Routes, + caddyhttp.Route{ + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + handler, + "handler", + "headers", + nil, + )}, + }, + ) + // note that when a response has any other status than 2xx, then we // use the reverse proxy's default behaviour of copying the response // back to the client, so we don't need to explicitly add a response |