pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-07-08 04:18:13 +02:00

History

Kenneth Jenkins e8b489eb87 authorize: rework token substitution in headers (#4456 ) Currently Pomerium replaces dynamic set_request_headers tokens sequentially. As a result, if a replacement value itself contained a supported "$pomerium" token, Pomerium may treat that as another replacement, resulting in incorrect output. This is unlikely to be a problem given the current set of dynamic tokens, but if we continue to add additional tokens, this will likely become more of a concern. To forestall any issues, let's perform all replacements in one pass, using the os.Expand() method. This does require a slight change to the syntax, as tokens containing a '.' will need to be wrapped in curly braces, e.g. ${pomerium.id_token}. A literal dollar sign can be included by using $$ in the input.	2023-08-14 15:28:10 -07:00
..
policy	authorize: rework token substitution in headers (#4456 )	2023-08-14 15:28:10 -07:00
opa.go	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00

Kenneth Jenkins e8b489eb87

authorize: rework token substitution in headers (#4456 )

Currently Pomerium replaces dynamic set_request_headers tokens
sequentially. As a result, if a replacement value itself contained a
supported "$pomerium" token, Pomerium may treat that as another
replacement, resulting in incorrect output.

This is unlikely to be a problem given the current set of dynamic
tokens, but if we continue to add additional tokens, this will likely
become more of a concern.

To forestall any issues, let's perform all replacements in one pass,
using the os.Expand() method. This does require a slight change to the
syntax, as tokens containing a '.' will need to be wrapped in curly
braces, e.g. ${pomerium.id_token}.

A literal dollar sign can be included by using $$ in the input.

2023-08-14 15:28:10 -07:00

policy

authorize: rework token substitution in headers (#4456 )

2023-08-14 15:28:10 -07:00

opa.go

chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )

2022-10-19 09:36:59 -06:00