forward-auth: use envoy's ext_authz check (#1482)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
bobby 2020-10-04 20:01:06 -07:00 committed by GitHub
parent 155213857e
commit 9b39deabd8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 248 additions and 406 deletions


@ -292,9 +292,17 @@ func getCheckRequestURL(req *envoy_service_auth_v2.CheckRequest) *url.URL {
u.Path = path
}
if h.GetHeaders() != nil {
if fwdProto, ok := h.GetHeaders()["x-forwarded-proto"]; ok {
u.Scheme = fwdProto
// check to make sure this is _not_ a verify endpoint and that forwarding
// headers are set. If so, infer the true authorization location from thos
if u.Path != "/verify" && h.GetHeaders() != nil {
if val, ok := h.GetHeaders()["x-forwarded-proto"]; ok && val != "" {
u.Scheme = val
}
if val, ok := h.GetHeaders()["x-forwarded-host"]; ok && val != "" {
u.Host = val
}
if val, ok := h.GetHeaders()["x-forwarded-uri"]; ok && val != "" && val != "/" {
u.Path = val
}
}
return u