TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-08 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: respect x-zitadel-forwarded header again (#8473)

Browse Source 
# Which Problems Are Solved

#8369 added the possibility to handle trusted domains for public hosts
as response. Additionally, the OIDC issuer is extracted from the
`DomainContext` and not from headers anymore.
This accidentally dropped support for the `x-zitadel-forwarded`.

# How the Problems Are Solved

Added `x-zitadel-forwarded` in the list of additionally handled headers.

# Additional Changes

None

# Additional Context

- relates to #8369
- reported in Discord:
https://discord.com/channels/927474939156643850/1275484169626980403
This commit is contained in:
Livio Spring 2024-08-21 18:36:16 +02:00 committed by GitHub
parent 08c139d3cb
commit b1f5b1979c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/api/http/header.go
View File

@ -23,6 +23,7 @@ const (
ForwardedHost = "x-forwarded-host" ForwardedHost = "x-forwarded-host"
ForwardedProto = "x-forwarded-proto" ForwardedProto = "x-forwarded-proto"
Forwarded = "forwarded" Forwarded = "forwarded"
ZitadelForwarded = "x-zitadel-forwarded"
XUserAgent = "x-user-agent" XUserAgent = "x-user-agent"
XGrpcWeb = "x-grpc-web" XGrpcWeb = "x-grpc-web"
XRequestedWith = "x-requested-with" XRequestedWith = "x-requested-with"

5
internal/api/http/middleware/origin_interceptor.go
View File

@ -17,7 +17,7 @@ func WithOrigin(fallBackToHttps bool, http1Header, http2Header string, instanceH
r, r,
fallBackToHttps, fallBackToHttps,
// to make sure we don't break existing configurations we append the existing checked headers as well // to make sure we don't break existing configurations we append the existing checked headers as well
slices.Compact(append(instanceHostHeaders, http1Header, http2Header, http_util.Forwarded, http_util.ForwardedFor, http_util.ForwardedHost, http_util.ForwardedProto)), slices.Compact(append(instanceHostHeaders, http1Header, http2Header, http_util.Forwarded, http_util.ZitadelForwarded, http_util.ForwardedFor, http_util.ForwardedHost, http_util.ForwardedProto)),
publicDomainHeaders, publicDomainHeaders,
) )
next.ServeHTTP(w, r.WithContext(http_util.WithDomainContext(r.Context(), origin))) next.ServeHTTP(w, r.WithContext(http_util.WithDomainContext(r.Context(), origin)))
@ -52,7 +52,8 @@ func hostFromRequest(r *http.Request, headers []string) (host, proto string) {
for _, header := range headers { for _, header := range headers {
switch http.CanonicalHeaderKey(header) { switch http.CanonicalHeaderKey(header) {
case http.CanonicalHeaderKey(http_util.Forwarded), case http.CanonicalHeaderKey(http_util.Forwarded),
http.CanonicalHeaderKey(http_util.ForwardedFor): http.CanonicalHeaderKey(http_util.ForwardedFor),
http.CanonicalHeaderKey(http_util.ZitadelForwarded):
hostFromHeader, protoFromHeader = hostFromForwarded(r.Header.Values(header)) hostFromHeader, protoFromHeader = hostFromForwarded(r.Header.Values(header))
case http.CanonicalHeaderKey(http_util.ForwardedHost): case http.CanonicalHeaderKey(http_util.ForwardedHost):
hostFromHeader = r.Header.Get(header) hostFromHeader = r.Header.Get(header)