internal/frontend: resolve authN helper url (#1521)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

authorize/check_response.go

@@ -64,6 +64,9 @@ func (a *Authorize) deniedResponse(
 }
 
 func (a *Authorize) htmlDeniedResponse(code int32, reason string, headers map[string]string) *envoy_service_auth_v2.CheckResponse {
+	opts := a.currentOptions.Load()
+	debugEndpoint := opts.GetAuthenticateURL().ResolveReference(&url.URL{Path: "/.pomerium/"})
+
 	var details string
 	switch code {
 	case httputil.StatusInvalidClientCertificate:
@@ -83,6 +86,7 @@ func (a *Authorize) htmlDeniedResponse(code int32, reason string, headers map[st
 		"Status":     code,
 		"StatusText": reason,
 		"CanDebug":   code/100 == 4,
+		"DebugURL":   debugEndpoint,
 		"Error":      details,
 	})
 	if err != nil {

internal/frontend/assets/html/error.go.html

@@ -22,11 +22,11 @@
             <div class="message">
               <div class="text-monospace">{{.Error}}</div>
             </div>
-            {{if .CanDebug}}
+            {{if and .CanDebug .DebugURL }}
             <div class="message">
               If you should have access, contact your administrator and provide
               them with your
-              <a href="/.pomerium/">request details</a>.
+              <a href="{{.DebugURL}}">request details</a>.
             </div>
             {{end}}
           </section>