arcodange-org/webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix :authority header not working

Browse Source
This commit is contained in:
Gabriel Radureau
2024-10-16 14:35:16 +02:00
parent 13870390a3
commit 5da0f2150b
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
main.go
View File

@@ -21,7 +21,7 @@ import (
var (
db *sql.DB // Global database connection
c = cache.New(5*time.Minute, 10*time.Minute)
oauthAllowedHttp2Authority = os.Getenv("OAUTH_ALLOWED_HTTP2_AUTHORITY") // URL authorized for device code
oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
)
@@ -150,12 +150,12 @@ func oauth2_callback(w http.ResponseWriter, r *http.Request) {
// Vérifier le référent (ou origine)
authorityHeader := r.Header.Get(":authority")
if oauthAllowedHttp2Authority != "" && authorityHeader != oauthAllowedHttp2Authority {
fmt.Println(":authority: "+authorityHeader)
fmt.Println("received headers")
hostHeader := strings.Trim(r.Header.Get("X-Forwarded-Host"), "[]")
if oauthAllowedHost != "" && hostHeader != oauthAllowedHost {
fmt.Fprintln(os.Stderr, "X-Forwarded-Host: "+hostHeader)
fmt.Fprintln(os.Stderr, "received headers")
for key, value := range r.Header {
fmt.Printf("%s='%s'\n", key, value)
fmt.Fprintf(os.Stderr, "%s='%s'\n", key, value)
}
http.Error(w, "Access denied: invalid referer or origin", http.StatusForbidden)
return