search

bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider
MIT License
5.1k stars 1.21k forks source link

requests with double slashes get redirected #625

Open oppianmatt opened 6 years ago

oppianmatt commented 6 years ago

When making a request to the url like:

https://foo.example.com/match/%5EHOST%5C%2F/top/5?b=1

oauth2_proxy issues a 301 redirect like so:

content-length: 62
content-type: text/html; charset=utf-8
date: Thu, 28 Jun 2018 14:09:11 GMT
location: /match/%5EHOST%5C/top/5?b=1
status: 301

Note it changes %2F/ to just /

%2F is / urldecoded

The request doesn't even make it to the backend.

ploxiln commented 6 years ago

This is a long-standing issue unfortunately: #506 (I think the cause is httputil.NewSingleHostReverseProxy())