Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

forwardauth: Skip copying missing response headers #6608

Merged
merged 1 commit into from
Nov 4, 2024
Merged

forwardauth: Skip copying missing response headers #6608

merged 1 commit into from
Nov 4, 2024

Conversation

francislavoie
Copy link
Member

@francislavoie francislavoie commented Oct 6, 2024
edited
Loading

Reported here: https://caddy.community/t/copy-header-copying-empty-headers-with-authelia/25885, but I think it has been mentioned elsewhere before as well. Fixes #6610

Basically, because we use ReplaceKnown in the request_header handler for placeholders, the copy_header shortcut for forward_auth would cause the request headers to be set to the placeholder string itself instead of skipping, when the response was missing that header.

The fix is to use a not vars matcher to check that the response header placeholder has a non-empty value first.

Unfortunately this produces some super verbose JSON config, but the behaviour will be more correct.

@francislavoie francislavoie requested a review from mholt October 6, 2024 17:51
@francislavoie francislavoie added the bug 🐞 Something isn't working label Oct 6, 2024
@francislavoie francislavoie added this to the v2.9.0-beta.3 milestone Oct 6, 2024
@francislavoie francislavoie mentioned this pull request Oct 7, 2024
Closed
@francislavoie francislavoie force-pushed the forward-auth-empty-headers branch from 6afa8a2 to 8bce42e Compare October 7, 2024 21:40
@francislavoie francislavoie force-pushed the forward-auth-empty-headers branch from 8bce42e to 222a84f Compare October 10, 2024 20:54
mholt
mholt approved these changes Nov 4, 2024
View reviewed changes
Copy link
Member

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, thanks for maintaining this!

@mholt mholt merged commit 05cfb12 into master Nov 4, 2024
33 checks passed
@mholt mholt deleted the forward-auth-empty-headers branch November 4, 2024 21:58
@BrewTestBot BrewTestBot mentioned this pull request Dec 31, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mholt mholt mholt approved these changes

Assignees
No one assigned
Labels
bug 🐞 Something isn't working
Projects
None yet
Milestone
v2.9.0-beta.3
Development

Successfully merging this pull request may close these issues.

ForwardAuth with copy_headers leaves template code in header if auth backend doesn't set that header
2 participants
@francislavoie @mholt