mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 11:56:02 +02:00
a8b76bd623
* authorize: support X-Pomerium-Authorization in addition to Authorization * tangentental correction Co-authored-by: alexfornuto <alex@fornuto.com>
38 lines
1.3 KiB
Lua
38 lines
1.3 KiB
Lua
function remove_pomerium_cookie(cookie_name, cookie)
|
|
-- lua doesn't support optional capture groups
|
|
-- so we replace twice to handle pomerium=xyz at the end of the string
|
|
cookie = cookie:gsub(cookie_name .. "=[^;]+; ", "")
|
|
cookie = cookie:gsub(cookie_name .. "=[^;]+", "")
|
|
return cookie
|
|
end
|
|
|
|
function has_prefix(str, prefix)
|
|
return str ~= nil and str:sub(1, #prefix) == prefix
|
|
end
|
|
|
|
function envoy_on_request(request_handle)
|
|
local headers = request_handle:headers()
|
|
local metadata = request_handle:metadata()
|
|
|
|
local remove_cookie_name = metadata:get("remove_pomerium_cookie")
|
|
if remove_cookie_name then
|
|
local cookie = headers:get("cookie")
|
|
if cookie ~= nil then
|
|
newcookie = remove_pomerium_cookie(remove_cookie_name, cookie)
|
|
headers:replace("cookie", newcookie)
|
|
end
|
|
end
|
|
|
|
local remove_authorization = metadata:get("remove_pomerium_authorization")
|
|
if remove_authorization then
|
|
local authorization = headers:get("authorization")
|
|
local authorization_prefix = "Pomerium "
|
|
if has_prefix(authorization, authorization_prefix) then
|
|
headers:remove("authorization")
|
|
end
|
|
|
|
headers:remove('x-pomerium-authorization')
|
|
end
|
|
end
|
|
|
|
function envoy_on_response(response_handle) end
|