mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-07 11:58:12 +02:00
e8b489eb87
Currently Pomerium replaces dynamic set_request_headers tokens
sequentially. As a result, if a replacement value itself contained a
supported "$pomerium" token, Pomerium may treat that as another
replacement, resulting in incorrect output.
This is unlikely to be a problem given the current set of dynamic
tokens, but if we continue to add additional tokens, this will likely
become more of a concern.
To forestall any issues, let's perform all replacements in one pass,
using the os.Expand() method. This does require a slight change to the
syntax, as tokens containing a '.' will need to be wrapped in curly
braces, e.g. ${pomerium.id_token}.
A literal dollar sign can be included by using $$ in the input.
|
||
|---|---|---|
| .. | ||
| opa | ||
| config.go | ||
| evaluator.go | ||
| evaluator_test.go | ||
| functions.go | ||
| functions_test.go | ||
| gen-test-certs.go | ||
| google_cloud_serverless.go | ||
| google_cloud_serverless_test.go | ||
| headers_evaluator.go | ||
| headers_evaluator_test.go | ||
| policy_evaluator.go | ||
| policy_evaluator_test.go | ||