3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-09 06:12:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: fix internal service URL CORS check (#3279)

Browse source
This commit is contained in:
Caleb Doxsey 2022-04-19 16:09:47 +00:00 committed by GitHub
parent f3c839b3dc
commit 61ffeb837d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
authenticate/handlers.go
View file

@ -82,7 +82,7 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
c := cors.New(cors.Options{ c := cors.New(cors.Options{
AllowOriginRequestFunc: func(r *http.Request, _ string) bool { AllowOriginRequestFunc: func(r *http.Request, _ string) bool {
state := a.state.Load() state := a.state.Load()
err := middleware.ValidateRequestURL(r, state.sharedKey) err := middleware.ValidateRequestURL(a.getExternalRequest(r), state.sharedKey)
if err != nil { if err != nil {
log.FromRequest(r).Info().Err(err).Msg("authenticate: origin blocked") log.FromRequest(r).Info().Err(err).Msg("authenticate: origin blocked")
} }
@ -109,10 +109,7 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
})) }))
cr := sr.PathPrefix("/callback").Subrouter() cr := sr.PathPrefix("/callback").Subrouter()
cr.Use(func(h http.Handler) http.Handler { cr.Path("/").Handler(a.requireValidSignature(a.Callback)).Methods(http.MethodGet)
return middleware.ValidateSignature(a.state.Load().sharedKey)(h)
})
cr.Path("/").Handler(httputil.HandlerFunc(a.Callback)).Methods(http.MethodGet)
} }
func (a *Authenticate) mountWellKnown(r *mux.Router) { func (a *Authenticate) mountWellKnown(r *mux.Router) {