This repository was archived by the owner on Jan 24, 2019. It is now read-only.

Commit c0160c1

committed
Merge pull request #72 from jehiah/cookie_fixes_72
clear cookie fix
2 parents d5169f9 + 07c74f5 commit c0160c1

1 file changed

Lines changed: 19 additions & 10 deletions


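--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -8,6 +8,7 @@ import (
 "html/template"
 "io/ioutil"
 "log"
+"net"
 "net/http"
 "net/http/httputil"
 "net/url"
@@ -244,25 +245,38 @@ func jwtDecodeSegment(seg string) ([]byte, error) {
 }
 
 func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
-domain := strings.Split(req.Host, ":")[0]
-if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) {
+domain := req.Host
+if h, _, err := net.SplitHostPort(domain); err == nil {
+domain = h
+}
+if p.CookieDomain != "" {
+if !strings.HasSuffix(domain, p.CookieDomain) {
+log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
+}
 domain = p.CookieDomain
 }
 cookie := &http.Cookie{
 Name: p.CookieKey,
 Value: "",
 Path: "/",
 Domain: domain,
-Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
 HttpOnly: p.CookieHttpOnly,
+Secure: p.CookieSecure,
+Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
 }
 http.SetCookie(rw, cookie)
 }
 
 func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) {
 
-domain := strings.Split(req.Host, ":")[0] // strip the port (if any)
-if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) {
+domain := req.Host
+if h, _, err := net.SplitHostPort(domain); err == nil {
+domain = h
+}
+if p.CookieDomain != "" {
+if !strings.HasSuffix(domain, p.CookieDomain) {
+log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
+}
 domain = p.CookieDomain
 }
 cookie := &http.Cookie{
@@ -444,11 +458,6 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 if !ok {
 user, ok = p.CheckBasicAuth(req)
-// if we want to promote basic auth requests to cookie'd requests, we could do that here
-// not sure that would be ideal in all circumstances though
-// if ok {
-// p.SetCookie(rw, req, user)
-// }
 }
 
 if !ok {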
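Review bot: The mismatch warning added in ClearCookie tests `strings.HasSuffix(domain, p.CookieDomain)` with no label boundary, so a request host such as `notexample.com` (constructed example) counts as inside a configured `example.com` and the warning stays silent for exactly the look-alike hosts it is meant to surface; the identical check is repeated in SetCookie. Comparing on a dot boundary closes that gap: `d := strings.TrimPrefix(p.CookieDomain, ".")` followed by `if domain != d && !strings.HasSuffix(domain, "."+d) {`. The host value comes from the client's Host header and the warning is logged on every call, so a client can drive log volume; `%q` already keeps the value from breaking log lines, but logging once per distinct host or rate-limiting the message would be worth considering. The port-stripping and domain selection are now duplicated verbatim in both methods, so a small unexported helper would keep the two from drifting apart. SetCookie's body continues past the end of the second hunk, so how the cookie is finally built there is not visible from here.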
