From 2e86c44aa5e5e21b7848cf18d13f5826921f3eef Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 19 May 2023 07:12:31 +0200 Subject: [PATCH] fix: delete cookies (#5885) Co-authored-by: Livio Spring --- internal/api/grpc/server/gateway.go | 2 +- internal/api/http/cookie.go | 4 ++-- internal/api/http/middleware/access_interceptor.go | 6 +++--- internal/api/ui/console/console.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/api/grpc/server/gateway.go b/internal/api/grpc/server/gateway.go index eed0234be9..dc69ec75e5 100644 --- a/internal/api/grpc/server/gateway.go +++ b/internal/api/grpc/server/gateway.go @@ -210,7 +210,7 @@ type cookieResponseWriter struct { func (r *cookieResponseWriter) WriteHeader(status int) { if status >= 200 && status < 300 { - r.accessInterceptor.DeleteExhaustedCookie(r.ResponseWriter, r.request) + r.accessInterceptor.DeleteExhaustedCookie(r.ResponseWriter) } if status == http.StatusTooManyRequests { r.accessInterceptor.SetExhaustedCookie(r.ResponseWriter, r.request) diff --git a/internal/api/http/cookie.go b/internal/api/http/cookie.go index c7867646cc..ecc243e8ec 100644 --- a/internal/api/http/cookie.go +++ b/internal/api/http/cookie.go @@ -123,8 +123,8 @@ func (c *CookieHandler) SetEncryptedCookie(w http.ResponseWriter, name, domain s return nil } -func (c *CookieHandler) DeleteCookie(w http.ResponseWriter, r *http.Request, name string) { - c.httpSet(w, name, r.Host, "", -1) +func (c *CookieHandler) DeleteCookie(w http.ResponseWriter, name string) { + c.httpSet(w, name, "", "", -1) } func (c *CookieHandler) httpSet(w http.ResponseWriter, name, domain, value string, maxage int) { diff --git a/internal/api/http/middleware/access_interceptor.go b/internal/api/http/middleware/access_interceptor.go index 469fdd16d7..7d05619ecc 100644 --- a/internal/api/http/middleware/access_interceptor.go +++ b/internal/api/http/middleware/access_interceptor.go @@ -77,8 +77,8 @@ func (a *AccessInterceptor) SetExhaustedCookie(writer http.ResponseWriter, reque a.cookieHandler.SetCookie(writer, a.limitConfig.ExhaustedCookieKey, domain, cookieValue) } -func (a *AccessInterceptor) DeleteExhaustedCookie(writer http.ResponseWriter, request *http.Request) { - a.cookieHandler.DeleteCookie(writer, request, a.limitConfig.ExhaustedCookieKey) +func (a *AccessInterceptor) DeleteExhaustedCookie(writer http.ResponseWriter) { + a.cookieHandler.DeleteCookie(writer, a.limitConfig.ExhaustedCookieKey) } func (a *AccessInterceptor) Handle(next http.Handler) http.Handler { @@ -96,7 +96,7 @@ func (a *AccessInterceptor) Handle(next http.Handler) http.Handler { http.Error(wrappedWriter, "quota for authenticated requests is exhausted", http.StatusTooManyRequests) } if !limited && !a.storeOnly { - a.DeleteExhaustedCookie(wrappedWriter, request) + a.DeleteExhaustedCookie(wrappedWriter) } if !limited { next.ServeHTTP(wrappedWriter, request) diff --git a/internal/api/ui/console/console.go b/internal/api/ui/console/console.go index ae8159c6eb..320d753b4d 100644 --- a/internal/api/ui/console/console.go +++ b/internal/api/ui/console/console.go @@ -125,7 +125,7 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, call if exhausted { limitingAccessInterceptor.SetExhaustedCookie(w, r) } else { - limitingAccessInterceptor.DeleteExhaustedCookie(w, r) + limitingAccessInterceptor.DeleteExhaustedCookie(w) } _, err = w.Write(environmentJSON) logging.OnError(err).Error("error serving environment.json")