Add support for X-Forwarded-Prefix

viafoura · Mar 21, 2018 · 3228862 · 3228862
1 parent af9266a
commit 3228862
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 12 deletions.
diff --git a/frontend/src/kuberos.vue b/frontend/src/kuberos.vue
@@ -72,7 +72,7 @@ export default {
   },
   methods: {
     templateURL: function() {
-      return "/kubecfg.yaml?" + $.param(this.kubecfg);
+      return "kubecfg.yaml?" + $.param(this.kubecfg);
     },
     snippetSetCreds: function() {
       return (
@@ -114,7 +114,7 @@ export default {
     if (q != "") {
       query = JSON.parse('{"' + q + '"}');
     }
-    var url = "/kubecfg?" + $.param(query);
+    var url = "kubecfg?" + $.param(query);
 
     var _this = this;
     this.axios

diff --git a/kuberos.go b/kuberos.go
@@ -21,13 +21,14 @@ import (
 const (
 	// DefaultKubeCfgEndpoint is the default endpoint to which clients should
 	// be redirected after authentication.
-	DefaultKubeCfgEndpoint = "/ui"
+	DefaultKubeCfgEndpoint = "ui"
 
 	schemeHTTP  = "http"
 	schemeHTTPS = "https"
 
-	elbHeaderForwardedProto = "X-Forwarded-Proto"
-	elbHeaderForwardedFor   = "X-Forwarded-For"
+	headerForwardedProto = "X-Forwarded-Proto"
+	headerForwardedFor   = "X-Forwarded-For"
+	headerForwardedPrefix   = "X-Forwarded-Prefix"
 
 	urlParamState            = "state"
 	urlParamCode             = "code"
@@ -81,7 +82,7 @@ func defaultStateFn(secret []byte) StateFn {
 		// Use the forwarded for header instead of the remote address if it is
 		// supplied.
 		for h, v := range r.Header {
-			if h == elbHeaderForwardedFor {
+			if h == headerForwardedFor {
 				for _, host := range v {
 					remote = host
 				}
@@ -290,14 +291,20 @@ func redirectURL(r *http.Request, endpoint *url.URL) string {
 		u.Scheme = schemeHTTPS
 	}
 
-	// Redirect to HTTPS if we're listening on HTTP behind an HTTPS ELB.
 	for h, v := range r.Header {
-		if h == elbHeaderForwardedProto {
-			for _, proto := range v {
-				if proto == schemeHTTPS {
-					u.Scheme = schemeHTTPS
+		switch h {
+			case headerForwardedProto:
+				// Redirect to HTTPS if we're listening on HTTP behind an HTTPS ELB.
+				for _, proto := range v {
+					if proto == schemeHTTPS {
+						u.Scheme = schemeHTTPS
+					}
+				}
+			case headerForwardedPrefix:
+				// Redirect includes X-Forwarded-Prefix if exists
+				for _, prefix := range v {
+					u.Path = prefix
 				}
-			}
 		}
 	}
 	// TODO(negz): Set port if X-Forwarded-Port exists?