mirror of
https://github.com/caddyserver/caddy.git
Disable basic authentication for OPTIONS method (#2415)
Execute an OPTIONS call and make sure we receive a valid response independently of the provided username or password as the authentication step is ignored * Do not authenticate OPTIONS calls * Add test for OPTIONS call
parent
fdec3c68f0
commit
a36c7c7e87
2 changed files with 33 additions and 0 deletions
|
@ -52,6 +52,12 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
|
|||
var protected, isAuthenticated bool
|
||||
var realm string
|
||||
|
||||
// do not check for basic auth on OPTIONS call
|
||||
if r.Method == http.MethodOptions {
|
||||
// Pass-through when no paths match
|
||||
return a.Next.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
for _, rule := range a.Rules {
|
||||
for _, res := range rule.Resources {
|
||||
if !httpserver.Path(r.URL.Path).Matches(res) {
|
||||
|
|
|
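Review bot: The new `if r.Method == http.MethodOptions` branch skips authentication for every OPTIONS request on every path, including resources listed in `a.Rules`, so whatever `a.Next` does for OPTIONS now runs without credentials. If the motivation is CORS preflight (not stated in the hunk), the bypass could be narrowed to requests that look like a preflight, e.g. `if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {`; otherwise operators need to know that a proxied or WebDAV-style backend answering OPTIONS with resource details is exposed. The inner comment `// Pass-through when no paths match` is misleading here, since no path matching has happened yet; something like `// OPTIONS is forwarded unauthenticated; the next handler must not expose protected data for it` states the actual contract. ServeHTTP starts and ends outside this hunk, so later handling of `protected` and `isAuthenticated` is not visible.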
@ -194,3 +194,30 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestOptionsMethod(t *testing.T) {
|
||||
rw := BasicAuth{
|
||||
Next: httpserver.HandlerFunc(contentHandler),
|
||||
Rules: []Rule{
|
||||
{Username: "username", Password: PlainMatcher("password"), Resources: []string{"/testing"}},
|
||||
},
|
||||
}
|
||||
|
||||
req, err := http.NewRequest(http.MethodOptions, "/testing", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not create HTTP request: %v", err)
|
||||
}
|
||||
|
||||
// add basic auth with invalid username
|
||||
// and password to make sure basic auth is ignored
|
||||
req.SetBasicAuth("invaliduser", "invalidpassword")
|
||||
|
||||
rec := httptest.NewRecorder()
|
||||
result, err := rw.ServeHTTP(rec, req)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not ServeHTTP: %v", err)
|
||||
}
|
||||
if result != http.StatusOK {
|
||||
t.Errorf("Expected status code %d but was %d", http.StatusOK, result)
|
||||
}
|
||||
}
|
||||
|
|
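Review bot: TestOptionsMethod asserts only the pass-through case, so nothing here pins that the bypass stays limited to OPTIONS on the same protected resource. A companion check that reuses the same handler with `http.NewRequest(http.MethodGet, "/testing", nil)` and the same `req.SetBasicAuth("invaliduser", "invalidpassword")`, expecting `http.StatusUnauthorized`, would catch a later change that widens the method check; earlier tests in the file may already cover this, but they are outside the hunk. Because `Next` is `contentHandler` (defined elsewhere), the test also shows the downstream handler running in full for an unauthenticated request, which is worth a comment such as `// NOTE: the next handler is reached without credentials for OPTIONS`. The variable name `rw` for a `BasicAuth` value reads like a ResponseWriter; `auth` would be clearer.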