
@mcfearsome
Contributor

  • Added InjectRequestHeaders to UpstreamConfig/OptionsConfig
  • Loop over InjectRequestHeaders during Authenticate and add headers to the request

Problem

#243

Notes

I am unfamiliar with Go and was unsure how to go about testing the actual adding of the headers. If someone would be kind enough to point me in the right direction I can continue.

* Added InjectRequestHeaders to UpstreamConfig/OptionsConfig
* Loop over InjectRequestHeaders during Authenticate and add headers to the request
@codecov

codecov bot commented Aug 12, 2019

Codecov Report

Merging #244 into master will decrease coverage by 0.02%.
The diff coverage is 33.33%.

@@            Coverage Diff             @@
##           master     #244      +/-   ##
==========================================
- Coverage   62.25%   62.22%   -0.03%     
==========================================
  Files          50       50              
  Lines        4069     4072       +3     
==========================================
+ Hits         2533     2534       +1     
- Misses       1349     1350       +1     
- Partials      187      188       +1
Impacted Files Coverage Δ
internal/proxy/oauthproxy.go 50.73% <0%> (-0.25%) ⬇️
internal/proxy/proxy_config.go 78.26% <100%> (+0.11%) ⬆️

Contributor

@jphines jphines left a comment


Overall, this looks great! Just one small nit about placement of setting headers.

Additionally, can we add some documentation to https://github.com/buzzfeed/sso/blob/master/docs/sso_config.md?

req.Header.Set("X-Forwarded-Email", session.Email)
req.Header.Set("X-Forwarded-Groups", strings.Join(session.Groups, ","))

for key, val := range p.upstreamConfig.InjectRequestHeaders {
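Review bot: the `for key, val := range p.upstreamConfig.InjectRequestHeaders` loop comes after the `X-Forwarded-Email` and `X-Forwarded-Groups` `Set` calls, so a configured key with either of those names can alter the identity the upstream receives instead of the session-derived value. Run the loop before those two `Set` calls, or reject those names when the upstream config is loaded, and add a test asserting that a configured `X-Forwarded-Email` never reaches the upstream.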
Contributor


Let's move these above setting of the X-Forwarded- headers. We don't want to allow impersonation by setting these headers from a config.

Contributor Author


moved

* Moved header injection so that other used headers cannot be overridden
* Updated sso_config documentation to reflect new addition
@jphines jphines merged commit 65be4a5 into buzzfeed:master Aug 12, 2019
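
The ordering point from the review, as an added example that is not code from this PR or from buzzfeed/sso: `setUpstreamHeaders`, `setUpstreamHeadersUnsafe`, `applyFunc` and `upstreamSees` are hypothetical stand-ins for the header step in `Authenticate`, and the config map and session values are constructed. It also shows one way to check what the upstream receives, using `net/http/httptest`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type applyFunc func(req *http.Request, injected map[string]string, email string, groups []string)

// setUpstreamHeaders (hypothetical name) applies config-supplied headers
// first, so the session-derived identity headers set afterwards always win.
func setUpstreamHeaders(req *http.Request, injected map[string]string, email string, groups []string) {
	for key, val := range injected {
		// Set canonicalizes the key: "x-forwarded-email" becomes "X-Forwarded-Email".
		req.Header.Set(key, val)
	}
	req.Header.Set("X-Forwarded-Email", email)
	req.Header.Set("X-Forwarded-Groups", strings.Join(groups, ","))
}

// setUpstreamHeadersUnsafe (hypothetical name) uses the ordering flagged in
// review: identity headers first, config-supplied headers last.
func setUpstreamHeadersUnsafe(req *http.Request, injected map[string]string, email string, groups []string) {
	req.Header.Set("X-Forwarded-Email", email)
	req.Header.Set("X-Forwarded-Groups", strings.Join(groups, ","))
	for key, val := range injected {
		req.Header.Set(key, val)
	}
}

// upstreamSees runs apply on a constructed request for a constructed session
// and returns the value of header name as a stub upstream handler receives it.
func upstreamSees(apply applyFunc, injected map[string]string, name string) string {
	var got string
	upstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { got = r.Header.Get(name) })
	req := httptest.NewRequest(http.MethodGet, "http://upstream.example/", nil)
	apply(req, injected, "alice@example.com", []string{"eng", "ops"})
	upstream.ServeHTTP(httptest.NewRecorder(), req)
	return got
}

func main() {
	// Constructed config: one benign header, one that collides with an identity header.
	cfg := map[string]string{"X-Team": "payments", "x-forwarded-email": "admin@example.com"}
	fmt.Println("config first: ", upstreamSees(setUpstreamHeaders, cfg, "X-Forwarded-Email"))
	fmt.Println("config last:  ", upstreamSees(setUpstreamHeadersUnsafe, cfg, "X-Forwarded-Email"))
}
```

The lowercase key in the constructed config is deliberate: `Header.Set` canonicalizes names, so a case-sensitive comparison against `X-Forwarded-Email` would not catch the collision.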