mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-14 14:56:27 +03:00
forwardauth: Fix case when copy_headers
is omitted (#4856)
See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
This commit is contained in:
parent
10f85558ea
commit
58e05cab15
1 changed files with 25 additions and 23 deletions
|
@ -185,13 +185,16 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
|
||||||
},
|
},
|
||||||
Routes: []caddyhttp.Route{},
|
Routes: []caddyhttp.Route{},
|
||||||
}
|
}
|
||||||
if len(headersToCopy) > 0 {
|
|
||||||
handler := &headers.Handler{
|
handler := &headers.Handler{
|
||||||
Request: &headers.HeaderOps{
|
Request: &headers.HeaderOps{
|
||||||
Set: http.Header{},
|
Set: http.Header{},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// the list of headers to copy may be empty, but that's okay; we
|
||||||
|
// need at least one handler in the routes for the response handling
|
||||||
|
// logic in reverse_proxy to not skip this entry as empty.
|
||||||
for from, to := range headersToCopy {
|
for from, to := range headersToCopy {
|
||||||
handler.Request.Set[to] = []string{
|
handler.Request.Set[to] = []string{
|
||||||
"{http.reverse_proxy.header." + from + "}",
|
"{http.reverse_proxy.header." + from + "}",
|
||||||
|
@ -209,7 +212,6 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
|
||||||
)},
|
)},
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
}
|
|
||||||
|
|
||||||
// note that when a response has any other status than 2xx, then we
|
// note that when a response has any other status than 2xx, then we
|
||||||
// use the reverse proxy's default behaviour of copying the response
|
// use the reverse proxy's default behaviour of copying the response
|
||||||
|
|
Loading…
Reference in a new issue