Forward auth: copy response headers when auth failed.

2018-04-23 15:28:04 +02:00 · 2018-04-23 15:28:04 +02:00 · 2975acdc82
commit 2975acdc82
parent 76dcbe3429
2 changed files with 24 additions and 10 deletions
--- a/middlewares/auth/forward.go
+++ b/middlewares/auth/forward.go
@ -25,6 +25,7 @@ func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next
 			return http.ErrUseLastResponse
 		},
 	}
+
 	if config.TLS != nil {
 		tlsConfig, err := config.TLS.CreateTLSConfig()
 		if err != nil {
@ -32,10 +33,12 @@ func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
+
 		httpClient.Transport = &http.Transport{
 			TLSClientConfig: tlsConfig,
 		}
 	}
+
 	forwardReq, err := http.NewRequest(http.MethodGet, config.Address, nil)
 	tracing.LogRequest(tracing.GetSpan(r), forwardReq)
 	if err != nil {
@ -68,6 +71,8 @@ func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next
 	if forwardResponse.StatusCode < http.StatusOK || forwardResponse.StatusCode >= http.StatusMultipleChoices {
 		log.Debugf("Remote error %s. StatusCode: %d", config.Address, forwardResponse.StatusCode)

+		utils.CopyHeaders(w.Header(), forwardResponse.Header)
+
 		// Grab the location header, if any.
 		redirectURL, err := forwardResponse.Location()

@ -79,12 +84,7 @@ func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next
 			}
 		} else if redirectURL.String() != "" {
 			// Set the location in our response if one was sent back.
-			w.Header().Add("Location", redirectURL.String())
-		}
-
-		// Pass any Set-Cookie headers the forward auth server provides
-		for _, cookie := range forwardResponse.Cookies() {
-			w.Header().Add("Set-Cookie", cookie.String())
+			w.Header().Set("Location", redirectURL.String())
 		}

 		tracing.LogResponseCode(tracing.GetSpan(r), forwardResponse.StatusCode)