homelab/traefik
1
0
Fork 0
Code Activity

Forward Proxy-Authorization header to authentication server

Browse source
This commit is contained in:
Pascal Fautré 2021-01-21 18:34:04 +01:00 committed by GitHub
parent a90b2a672e
commit f0d78471af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
pkg/middlewares/auth/forward.go
View file

@ -26,6 +26,18 @@ const (
forwardedTypeName = "ForwardedAuthType"
)
// hopHeaders Hop-by-hop headers to be removed in the authentication request.
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
// Proxy-Authorization header is forwarded to the authentication server (see https://tools.ietf.org/html/rfc7235#section-4.4).
var hopHeaders = []string{
forward.Connection,
forward.KeepAlive,
forward.Te, // canonicalized version of "TE"
forward.Trailers,
forward.TransferEncoding,
forward.Upgrade,
}
type forwardAuth struct {
address string
authResponseHeaders []string
@ -131,7 +143,7 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
logger.Debugf("Remote error %s. StatusCode: %d", fa.address, forwardResponse.StatusCode)
utils.CopyHeaders(rw.Header(), forwardResponse.Header)
utils.RemoveHeaders(rw.Header(), forward.HopHeaders...)
utils.RemoveHeaders(rw.Header(), hopHeaders...)
// Grab the location header, if any.
redirectURL, err := forwardResponse.Location()
@ -187,7 +199,7 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) {
utils.CopyHeaders(forwardReq.Header, req.Header)
utils.RemoveHeaders(forwardReq.Header, forward.HopHeaders...)
utils.RemoveHeaders(forwardReq.Header, hopHeaders...)
forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders)