authorize: add redirect url to debug page (#1533)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-05-02 03:46:29 +02:00 · 2020-10-19 08:07:51 -07:00 · 2020-10-19 08:07:51 -07:00 · c85b45cff6
commit c85b45cff6
parent 3dec1edf00
1 changed files with 19 additions and 2 deletions
--- a/authorize/check_response.go
+++ b/authorize/check_response.go
@ -58,15 +58,32 @@ func (a *Authorize) deniedResponse(
 	}

 	if returnHTMLError {
-		return a.htmlDeniedResponse(code, reason, headers)
+		return a.htmlDeniedResponse(in, code, reason, headers)
 	}
 	return a.plainTextDeniedResponse(code, reason, headers)
 }

-func (a *Authorize) htmlDeniedResponse(code int32, reason string, headers map[string]string) *envoy_service_auth_v2.CheckResponse {
+func (a *Authorize) htmlDeniedResponse(
+	in *envoy_service_auth_v2.CheckRequest,
+	code int32, reason string, headers map[string]string,
+) *envoy_service_auth_v2.CheckResponse {
+
 	opts := a.currentOptions.Load()
 	debugEndpoint := opts.GetAuthenticateURL().ResolveReference(&url.URL{Path: "/.pomerium/"})

+	// create go-style http request
+	r := getHTTPRequestFromCheckRequest(in)
+	redirectURL := urlutil.GetAbsoluteURL(r).String()
+	if ref := r.Header.Get(httputil.HeaderReferrer); ref != "" {
+		redirectURL = ref
+	}
+
+	debugEndpoint = debugEndpoint.ResolveReference(&url.URL{
+		RawQuery: url.Values{
+			urlutil.QueryRedirectURI: {redirectURL},
+		}.Encode(),
+	})
+
 	var details string
 	switch code {
 	case httputil.StatusInvalidClientCertificate: