envoy: always set jwt claim headers even if no value is available (#2261)

* envoy: always set jwt claim headers even if no value is available

* add test
Caleb Doxsey 2021-06-04 11:01:00 -06:00 committed by GitHub
parent 699f3f461f
commit 2156dbc553
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 14 deletions


@ -478,9 +478,11 @@ func mkRouteMatch(policy *config.Policy) *envoy_config_route_v3.RouteMatch {
func getRequestHeadersToRemove(options *config.Options, policy *config.Policy) []string {
requestHeadersToRemove := policy.RemoveRequestHeaders
if !policy.PassIdentityHeaders {
requestHeadersToRemove = append(requestHeadersToRemove, httputil.HeaderPomeriumJWTAssertion, httputil.HeaderPomeriumJWTAssertionFor)
for _, claim := range options.JWTClaimsHeaders {
requestHeadersToRemove = append(requestHeadersToRemove, httputil.PomeriumJWTHeaderName(claim))
requestHeadersToRemove = append(requestHeadersToRemove,
httputil.HeaderPomeriumJWTAssertion,
httputil.HeaderPomeriumJWTAssertionFor)
for headerName := range options.JWTClaimsHeaders {
requestHeadersToRemove = append(requestHeadersToRemove, headerName)
}
}
// remove these headers to prevent a user from re-proxying requests through the control plane
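Review bot: The new `for headerName := range options.JWTClaimsHeaders` loop appears to iterate a map (the key is appended directly as a string), so the claim headers land in `requestHeadersToRemove` in a different order on each call. For generated Envoy route config that can mean spurious config differences and intermittent failures in order-sensitive test comparisons; collecting the keys, calling `sort.Strings` on them and appending the sorted slice would keep the output stable. Separately, `requestHeadersToRemove := policy.RemoveRequestHeaders` followed by `append` can write into the policy's backing array when it has spare capacity, so starting from a copy would be safer. Since this list is what strips identity headers when `PassIdentityHeaders` is off, it is also worth confirming that the map keys are exactly the header names set on the authorize side; that code is outside this hunk, as is the rest of getRequestHeadersToRemove.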