forwardauth: Fix case when copy_headers is omitted (#4856)

See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
2024-12-27 22:23:48 +03:00 · 2022-06-28 21:23:30 -04:00 · 2022-06-28 21:23:30 -04:00 · 58e05cab15
commit 58e05cab15
parent 10f85558ea
1 changed files with 25 additions and 23 deletions
--- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go
@ -185,13 +185,16 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
 		},
 		Routes: []caddyhttp.Route{},
 	}
-	if len(headersToCopy) > 0 {
+
 	handler := &headers.Handler{
 		Request: &headers.HeaderOps{
 			Set: http.Header{},
 		},
 	}
 	// the list of headers to copy may be empty, but that's okay; we
 	// need at least one handler in the routes for the response handling
 	// logic in reverse_proxy to not skip this entry as empty.
 	for from, to := range headersToCopy {
 		handler.Request.Set[to] = []string{
 			"{http.reverse_proxy.header." + from + "}",
@ -209,7 +212,6 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error)
 			)},
 		},
 	)
 	}
 	// note that when a response has any other status than 2xx, then we
 	// use the reverse proxy's default behaviour of copying the response