authenticate: fix internal service URL CORS check (#3279)

Caleb Doxsey 2022-04-19 16:09:47 +00:00 committed by GitHub
parent f3c839b3dc
commit 61ffeb837d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -82,7 +82,7 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
c := cors.New(cors.Options{
AllowOriginRequestFunc: func(r *http.Request, _ string) bool {
state := a.state.Load()
err := middleware.ValidateRequestURL(r, state.sharedKey)
err := middleware.ValidateRequestURL(a.getExternalRequest(r), state.sharedKey)
if err != nil {
log.FromRequest(r).Info().Err(err).Msg("authenticate: origin blocked")
}
@ -109,10 +109,7 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
}))
cr := sr.PathPrefix("/callback").Subrouter()
cr.Use(func(h http.Handler) http.Handler {
return middleware.ValidateSignature(a.state.Load().sharedKey)(h)
})
cr.Path("/").Handler(httputil.HandlerFunc(a.Callback)).Methods(http.MethodGet)
cr.Path("/").Handler(a.requireValidSignature(a.Callback)).Methods(http.MethodGet)
}
func (a *Authenticate) mountWellKnown(r *mux.Router) {
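Review bot: In the `/callback` hunk, signature checking appears to move from the subrouter (`cr.Use(... middleware.ValidateSignature ...)`) to the single handler (`a.requireValidSignature(a.Callback)`), so any route later added to `cr` would be served without a signature check unless it is wrapped explicitly; the page has lost its +/- markers, so this reading assumes the `cr.Use` lines are the removed side. If per-handler wrapping is required so the check can run against the external URL, I would record that above the route with a comment such as `// Signature validation is per handler: wrap every route added to cr with a.requireValidSignature.` The CORS hunk deserves a similar one-line comment saying why `a.getExternalRequest(r)` is validated instead of `r`; neither helper's body is visible here, and `mountDashboard` starts outside both hunks. A regression test that exercises the callback and the CORS origin check with an internal service URL configured would pin the intended behaviour.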