Merge remote-tracking branch 'upstream/master' into bugs/fix-forward-auth

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

proxy/handlers.go

@@ -13,13 +13,13 @@ import (
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/sessions"
-	"github.com/pomerium/pomerium/internal/templates"
 	"github.com/pomerium/pomerium/internal/urlutil"
 )
 
 // registerDashboardHandlers returns the proxy service's ServeMux
 func (p *Proxy) registerDashboardHandlers(r *mux.Router) *mux.Router {
 	h := r.PathPrefix(dashboardURL).Subrouter()
+	h.Use(middleware.SetHeaders(httputil.HeadersContentSecurityPolicy))
 	// 1. Retrieve the user session and add it to the request context
 	h.Use(sessions.RetrieveSession(p.sessionStore))
 	// 2. AuthN - Verify the user is authenticated. Set email, group, & id headers
@@ -97,7 +97,7 @@ func (p *Proxy) UserDashboard(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	templates.New().ExecuteTemplate(w, "dashboard.html", map[string]interface{}{
+	p.templates.ExecuteTemplate(w, "dashboard.html", map[string]interface{}{
 		"Session":   session,
 		"IsAdmin":   isAdmin,
 		"csrfField": csrf.TemplateField(r),

proxy/proxy.go

@@ -16,12 +16,12 @@ import (
 	"github.com/pomerium/pomerium/internal/cryptutil"
 	"github.com/pomerium/pomerium/internal/encoding"
 	"github.com/pomerium/pomerium/internal/encoding/jws"
+	"github.com/pomerium/pomerium/internal/frontend"
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/sessions"
 	"github.com/pomerium/pomerium/internal/telemetry/metrics"
-	"github.com/pomerium/pomerium/internal/templates"
 	"github.com/pomerium/pomerium/internal/tripper"
 	"github.com/pomerium/pomerium/internal/urlutil"
 	"github.com/pomerium/pomerium/proxy/clients"
@@ -132,7 +132,7 @@ func New(opts config.Options) (*Proxy, error) {
 			sessions.NewHeaderStore(encoder, "Pomerium"),
 			sessions.NewQueryParamStore(encoder, "pomerium_session")},
 		signingKey: opts.SigningKey,
-		templates:  templates.New(),
+		templates:  template.Must(frontend.NewTemplates()),
 	}
 	// errors checked in ValidateOptions
 	p.authorizeURL, _ = urlutil.DeepCopy(opts.AuthorizeURL)
@@ -302,3 +302,7 @@ func (p *Proxy) roundTripperFromPolicy(policy *config.Policy) http.RoundTripper
 	}
 	return c.Then(transport)
 }
+
+func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	p.Handler.ServeHTTP(w, r)
+}

proxy/proxy_test.go

@@ -222,7 +222,7 @@ func Test_UpdateOptions(t *testing.T) {
 			if err == nil {
 				r := httptest.NewRequest("GET", tt.host, nil)
 				w := httptest.NewRecorder()
-				p.Handler.ServeHTTP(w, r)
+				p.ServeHTTP(w, r)
 				if tt.wantRoute && w.Code != http.StatusNotFound {
 					t.Errorf("Failed to find route handler")
 					return