better backwards compatibility

ory · May 26, 2022 · aeba3ce · aeba3ce
1 parent 81c0fae
commit aeba3ce
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/pipeline/authn/authenticator_bearer_token.go b/pipeline/authn/authenticator_bearer_token.go
@@ -86,9 +86,9 @@ func (a *AuthenticatorBearerToken) Config(config json.RawMessage) (*Authenticato
 	if len(c.SubjectFrom) == 0 {
 		c.SubjectFrom = "sub"
 	}
-	if len(c.ForwardHTTPHeaders) == 0 {
-		c.ForwardHTTPHeaders = []string{header.Authorization, header.Cookie}
-	}
+
+	// Add Authorization and Cookie headers for backward compatibility
+	c.ForwardHTTPHeaders = append(c.ForwardHTTPHeaders, []string{header.Authorization, header.Cookie}...)
 	c.ForwardHTTPHeadersMap = make(map[string]string)
 
 	for _, h := range c.ForwardHTTPHeaders {

diff --git a/pipeline/authn/authenticator_bearer_token_test.go b/pipeline/authn/authenticator_bearer_token_test.go
@@ -96,7 +96,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_query": true, "forward_http_headers": ["Authorization"]}`),
+				config:    []byte(`{"preserve_query": true}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -113,7 +113,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_path": true, "preserve_query": false, "forward_http_headers": ["Authorization"]}`),
+				config:    []byte(`{"preserve_path": true, "preserve_query": false}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -128,7 +128,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_path": true, "force_method": "GET", "forward_http_headers": ["Authorization"]}`),
+				config:    []byte(`{"preserve_path": true, "force_method": "GET"}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -145,7 +145,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_path": false, "preserve_query": true, "forward_http_headers": ["Authorization"]}`),
+				config:    []byte(`{"preserve_path": false, "preserve_query": true}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -160,7 +160,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_path": true, "preserve_query": true, "check_session_url": "http://origin-replaced-in-test/configured/path?q=configured-query", "forward_http_headers": ["Authorization", "X-Forwared-Host"]}`),
+				config:    []byte(`{"preserve_path": true, "preserve_query": true, "check_session_url": "http://origin-replaced-in-test/configured/path?q=configured-query", "forward_http_headers": ["X-Forwared-Host"]}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -176,7 +176,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_host": true, "forward_http_headers": ["Authorization"]}`),
+				config:    []byte(`{"preserve_host": true}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",
@@ -193,7 +193,7 @@ func TestAuthenticatorBearerToken(t *testing.T) {
 					w.WriteHeader(200)
 					w.Write([]byte(`{"sub": "123"}`))
 				},
-				config:    []byte(`{"preserve_host": true, "additional_headers": {"X-Foo": "bar","X-Forwarded-For": "not-some-host"}, "forward_http_headers":["Authorization"]}`),
+				config:    []byte(`{"preserve_host": true, "additional_headers": {"X-Foo": "bar","X-Forwarded-For": "not-some-host"}}`),
 				expectErr: false,
 				expectSess: &AuthenticationSession{
 					Subject: "123",

diff --git a/pipeline/authn/authenticator_cookie_session.go b/pipeline/authn/authenticator_cookie_session.go
@@ -89,9 +89,9 @@ func (a *AuthenticatorCookieSession) Config(config json.RawMessage) (*Authentica
 	if len(c.SubjectFrom) == 0 {
 		c.SubjectFrom = "subject"
 	}
-	if len(c.ForwardHTTPHeaders) == 0 {
-		c.ForwardHTTPHeaders = []string{header.Authorization, header.Cookie}
-	}
+
+	// Add Authorization and Cookie headers for backward compatibility
+	c.ForwardHTTPHeaders = append(c.ForwardHTTPHeaders, []string{header.Authorization, header.Cookie}...)
 
 	c.ForwardHTTPHeadersMap = make(map[string]string)
 	for _, h := range c.ForwardHTTPHeaders {