mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-29 22:48:15 +02:00
e8b489eb87
Currently Pomerium replaces dynamic set_request_headers tokens
sequentially. As a result, if a replacement value itself contained a
supported "$pomerium" token, Pomerium may treat that as another
replacement, resulting in incorrect output.
This is unlikely to be a problem given the current set of dynamic
tokens, but if we continue to add additional tokens, this will likely
become more of a concern.
To forestall any issues, let's perform all replacements in one pass,
using the os.Expand() method. This does require a slight change to the
syntax, as tokens containing a '.' will need to be wrapped in curly
braces, e.g. ${pomerium.id_token}.
A literal dollar sign can be included by using $$ in the input.
|
||
|---|---|---|
| .. | ||
| evaluator | ||
| internal/store | ||
| access_tracker.go | ||
| access_tracker_test.go | ||
| authorize.go | ||
| authorize_test.go | ||
| check_response.go | ||
| check_response_test.go | ||
| databroker.go | ||
| databroker_test.go | ||
| grpc.go | ||
| grpc_test.go | ||
| log.go | ||
| log_test.go | ||
| state.go | ||