Cadoles/bouncer
Cadoles
/
bouncer
10
0
Fork 0
Code Issues 2 Pull Requests 1 Projects Releases 3 Wiki Activity

feat(authn-oidc): use relative redirection to prevent internal/public host mixing

This commit is contained in:
wpetit 2024-05-24 15:27:43 +02:00
parent d5c846a9ce
commit 3e5dd446cb
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/proxy/director/layer/authn/oidc/client.go
View File

@ -2,6 +2,7 @@ package oidc
import ( import (
"bytes" "bytes"
"fmt"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -74,7 +75,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
sess.Values[sessionKeyLoginState] = state sess.Values[sessionKeyLoginState] = state
sess.Values[sessionKeyLoginNonce] = nonce sess.Values[sessionKeyLoginNonce] = nonce
sess.Values[sessionKeyPostLoginRedirectURL] = originalURL.String() sess.Values[sessionKeyPostLoginRedirectURL] = fmt.Sprintf("%s?%s", originalURL.Path, originalURL.Query().Encode())
if err := sess.Save(r, w); err != nil { if err := sess.Save(r, w); err != nil {
logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err))) logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))