From 8ffae4505f9fb6e4d1a44708db55f5560842e9a0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 18 Aug 2022 22:42:22 +0100 Subject: [PATCH] internal: set Host on url in envoy Signed-off-by: Jens Langhammer --- internal/outpost/proxyv2/application/mode_forward.go | 1 + .../proxyv2/application/mode_forward_envoy_test.go | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/internal/outpost/proxyv2/application/mode_forward.go b/internal/outpost/proxyv2/application/mode_forward.go index 6a1761738..d4f10be23 100644 --- a/internal/outpost/proxyv2/application/mode_forward.go +++ b/internal/outpost/proxyv2/application/mode_forward.go @@ -154,6 +154,7 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request) { a.log.WithField("header", r.Header).Trace("tracing headers for debug") r.URL.Path = strings.TrimPrefix(r.URL.Path, envoyPrefix) + r.URL.Host = r.Host fwd := r.URL // Check if we're authenticated, or the request path is on the allowlist claims, err := a.getClaims(r) diff --git a/internal/outpost/proxyv2/application/mode_forward_envoy_test.go b/internal/outpost/proxyv2/application/mode_forward_envoy_test.go index 30d75f3da..71b222139 100644 --- a/internal/outpost/proxyv2/application/mode_forward_envoy_test.go +++ b/internal/outpost/proxyv2/application/mode_forward_envoy_test.go @@ -24,7 +24,8 @@ func TestForwardHandleEnvoy_Single_Skip(t *testing.T) { func TestForwardHandleEnvoy_Single_Headers(t *testing.T) { a := newTestApplication() - req, _ := http.NewRequest("GET", "http://test.goauthentik.io/app", nil) + req, _ := http.NewRequest("GET", "http:///app", nil) + req.Host = "ext.t.goauthentik.io" rr := httptest.NewRecorder() a.forwardHandleEnvoy(rr, req) @@ -39,7 +40,7 @@ func TestForwardHandleEnvoy_Single_Headers(t *testing.T) { "state": []string{s.Values[constants.SessionOAuthState].([]string)[0]}, } assert.Equal(t, fmt.Sprintf("http://fake-auth.t.goauthentik.io/auth?%s", shouldUrl.Encode()), loc.String()) - assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect]) + assert.Equal(t, "http://ext.t.goauthentik.io/app", s.Values[constants.SessionRedirect]) } func TestForwardHandleEnvoy_Single_Claims(t *testing.T) { @@ -91,7 +92,8 @@ func TestForwardHandleEnvoy_Domain_Header(t *testing.T) { a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("foo") a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io" - req, _ := http.NewRequest("GET", "http://test.goauthentik.io/app", nil) + req, _ := http.NewRequest("GET", "http:///app", nil) + req.Host = "test.goauthentik.io" rr := httptest.NewRecorder() a.forwardHandleEnvoy(rr, req)