Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manage Headers for the Authentication forwarding. #2132

Merged
merged 3 commits into from
Sep 18, 2017
Merged

Manage Headers for the Authentication forwarding. #2132

merged 3 commits into from
Sep 18, 2017

Conversation

ldez
Copy link
Contributor

@ldez ldez commented Sep 18, 2017

Description

  • copy request headers
  • add X-Forwarded-* headers

@traefiker traefiker added this to the 1.4 milestone Sep 18, 2017
@ldez ldez force-pushed the refactor/forward-auth-headers branch from 11dc1f1 to 926fed5 Compare September 18, 2017 09:20
@emilevauge emilevauge mentioned this pull request Sep 18, 2017
Closed
@ldez ldez force-pushed the refactor/forward-auth-headers branch from 926fed5 to 08ffc09 Compare September 18, 2017 09:47
juliens
juliens approved these changes Sep 18, 2017
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nmengin
nmengin approved these changes Sep 18, 2017
View reviewed changes
Copy link
Contributor

@nmengin nmengin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ekozan
ekozan reviewed Sep 18, 2017
View reviewed changes
auth/forward.go Outdated
forwardReq.Header.Set(forward.XForwardedPort, xfp)
}

if xfh := req.Header.Get(forward.XForwardedHost); xfh != "" {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a client access to admin.domain.local and send the header X-FORWARDED-HOST user.domain.local he can by-pass the auth, no ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I added a new option "trustForwardHeader"

emilevauge
emilevauge approved these changes Sep 18, 2017
View reviewed changes
Copy link
Member

@emilevauge emilevauge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job @ldez !
LGTM

@ldez ldez force-pushed the refactor/forward-auth-headers branch from 657d6ab to 72b6f3a Compare September 18, 2017 15:25
@traefiker traefiker merged commit cb05f36 into traefik:v1.4 Sep 18, 2017
@ldez ldez added the kind/enhancement a new or improved feature. label Sep 18, 2017
@ldez ldez deleted the refactor/forward-auth-headers branch September 18, 2017 19:56
@elliotwms elliotwms mentioned this pull request Sep 28, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekozan ekozan ekozan left review comments

@nmengin nmengin nmengin approved these changes

@emilevauge emilevauge emilevauge approved these changes

@juliens juliens juliens approved these changes

Assignees
No one assigned
Labels
area/authentication kind/enhancement a new or improved feature. size/S
Projects
None yet
Milestone
1.4
Development

Successfully merging this pull request may close these issues.
6 participants
@ldez @juliens @ekozan @emilevauge @nmengin @traefiker