Skip to content

Commit

Permalink
Fix X-Auth-Request-Redirect value to reflect the request uri
Browse files Browse the repository at this point in the history
  • Loading branch information
aledbf committed Oct 4, 2017
1 parent 8218421 commit 952a27f
Showing 1 changed file with 8 additions and 10 deletions.
18 changes: 8 additions & 10 deletions controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -663,12 +663,13 @@ stream {
{{ end }}
{{ if not (empty $location.ExternalAuth.Method) }}
proxy_method {{ $location.ExternalAuth.Method }};
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
{{ end }}
proxy_pass_request_headers on;
proxy_set_header Host {{ $location.ExternalAuth.Host }};
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header Host {{ $location.ExternalAuth.Host }};
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_ssl_server_name on;

client_max_body_size "{{ $location.Proxy.BodySize }}";
Expand Down Expand Up @@ -712,9 +713,9 @@ stream {

{{ if not (empty $authPath) }}
# this location requires authentication
auth_request {{ $authPath }};
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
auth_request {{ $authPath }};
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
{{- range $idx, $line := buildAuthResponseHeaders $location }}
{{ $line }}
{{- end }}
Expand Down Expand Up @@ -780,9 +781,6 @@ stream {
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;

{{/* This header is used for external authentication */}}
proxy_set_header X-Auth-Request-Redirect $request_uri;

# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
Expand Down

0 comments on commit 952a27f

Please sign in to comment.