mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-03 20:36:03 +02:00
58fb6ea3c4
Currently, authorize service does handle unauthenticated request in forward auth mode, and return status 401. But proxy has not handled the response yet, and always returns 403 for both unauthenticated and unauthorized request. That breaks session handling in forward auth mode. That said, if user was signed out, or for any reason, authorize service return 401 status, proxy does not redirect user to re-signin, but always return 403. To fix it, proxy is changed to handle envoy check response in more details, to distinguish between 401 and 403 status. Thanks to @simbaja for rasing the problem and come up with original fix. Fixes #1014 Fixes #858 |
||
|---|---|---|
| .. | ||
| forward_auth.go | ||
| forward_auth_test.go | ||
| handlers.go | ||
| handlers_test.go | ||
| middleware.go | ||
| middleware_test.go | ||
| proxy.go | ||
| proxy_test.go | ||