Commit 6aa0e30a authored 7 years ago by Matthew Holt
basicauth: Don't remove Authorization header on good auth (fixes #1508)
parent 5a41e8bc
Showing 2 changed files with 5 additions and 9 deletions
caddyhttp/basicauth/basicauth.go +2 -7
caddyhttp/basicauth/basicauth_test.go +3 -2
caddyhttp/basicauth/basicauth.go
...
...
@@ -62,13 +62,8 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
// by this point, authentication was successful
isAuthenticated
=
true
// remove credentials from request to avoid leaking upstream
r
.
Header
.
Del
(
"Authorization"
)
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated
// user; this replaces the request with a wrapped instance
r
=
r
.
WithContext
(
context
.
WithValue
(
r
.
Context
(),
caddy
.
CtxKey
(
"remote_user"
),
username
))
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated user
r
=
r
.
WithContext
(
context
.
WithValue
(
r
.
Context
(),
caddy
.
CtxKey
(
"remote_user"
),
username
))
}
}
...
...
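Review bot: In the success branch of `ServeHTTP`, the `r.Header.Del("Authorization")` call goes away together with its comment about not leaking credentials upstream, and the comment that remains only explains `remote_user`, so the code no longer says that the credentials are now passed on deliberately. Suggest a short comment at this spot stating that the Authorization header is intentionally left on the request (issue #1508) and that the middleware named in the existing comment (fastcgi and cgi) will therefore receive the client's credentials. The same point belongs in the basicauth documentation, since anyone who relied on the header being stripped gets different behaviour after this change.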
caddyhttp/basicauth/basicauth_test.go
...
...
@@ -92,8 +92,9 @@ func TestBasicAuth(t *testing.T) {
t
.
Errorf
(
"Test %d: response should have a 'Www-Authenticate' header"
,
i
)
}
}
else
{
if
got
,
want
:=
req
.
Header
.
Get
(
"Authorization"
),
""
;
got
!=
want
{
t
.
Errorf
(
"Test %d: Expected Authorization header to be stripped from request after successful authentication, but is: %s"
,
i
,
got
)
if
req
.
Header
.
Get
(
"Authorization"
)
==
""
{
// see issue #1508: https://github.com/mholt/caddy/issues/1508
t
.
Errorf
(
"Test %d: Expected Authorization header to be retained after successful auth, but was empty"
,
i
)
}
}
}
...
...
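Review bot: The new condition `req.Header.Get("Authorization") == ""` in the else branch of `TestBasicAuth` only fails when the header is empty, so it would still pass if the handler altered the value. Suggest comparing against the value the test put on the request, in the `got, want` form the replaced check used, so the test asserts that the header is retained unchanged rather than merely present.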