This PR tries to fix oathkeeper rules not handling urls with trailing slashes.
The "deny" regex should match everything except for the allowed endpoints.
# deny regex
^(https|http):\/\/example.com(?!\/welcome((\/.*$)|$)|\/about\/app((\/.*$)|$)).*
# will match the first 3
https://example.com/about/
https://example.com/
https://example.com
https://example.com/about/app
https://example.com/welcome
https://example.com/about/app/
https://example.com/welcome/
With the previous regex, the third url is not matched, while the last two are. Both cases are incorrect.
# allow regex
^(https|http):\/\/example.com\/welcome((\/.*$)|$)
# will match both
https://example.com/welcome
https://example.com/welcome/
With the previous regex, only the first one is matched
This PR tries to fix oathkeeper rules not handling urls with trailing slashes. The "deny" regex should match everything except for the allowed endpoints.
You can quickly check it with https://regex101.com/
With the previous regex, the third url is not matched, while the last two are. Both cases are incorrect.
With the previous regex, only the first one is matched