3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-21 13:07:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: always use https for application callback (#1433)

Browse source
This commit is contained in:
Travis Groth 2020-09-21 15:58:46 -04:00 committed by GitHub
parent 512dd9093e
commit 0537dd63d4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
proxy/forward_auth.go
View file

@ -168,10 +168,11 @@ func getURIStringFromRequest(r *http.Request) (*url.URL, error) {
// or inferred from forwarding headers
uriString := r.FormValue("uri")
if uriString == "" {
if r.Header.Get(httputil.HeaderForwardedProto) == "" || r.Header.Get(httputil.HeaderForwardedHost) == "" {
if r.Header.Get(httputil.HeaderForwardedHost) == "" {
return nil, errors.New("no uri to validate")
}
uriString = r.Header.Get(httputil.HeaderForwardedProto) + "://" +
// Always assume HTTPS for application callback
uriString = "https://" +
r.Header.Get(httputil.HeaderForwardedHost) +
r.Header.Get(httputil.HeaderForwardedURI)
}