Exclude token cookie from request sent to backend

itzg · Mar 3, 2021 · b1e8773 · b1e8773
1 parent 318f7ba
commit b1e8773
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/server/proxy.go b/server/proxy.go
@@ -102,6 +102,14 @@ func (p *proxy) handler(respOutWriter http.ResponseWriter, reqIn *http.Request)
 
 	copyHeaders(reqOut.Header, reqIn.Header)
 
+	reqOut.Header.Del("Cookie")
+	cookies := reqIn.Cookies()
+	for _, cookie := range cookies {
+		if cookie.Name != tokenCookieName {
+			reqOut.Header.Add("Cookie", cookie.String())
+		}
+	}
+
 	p.checkForNewAuth(&sessionClaims)
 
 	if p.config.AttributeHeaderMappings != nil {

diff --git a/server/server.go b/server/server.go
@@ -19,6 +19,8 @@ import (
 
 const fetchMetadataTimeout = 30 * time.Second
 
+const tokenCookieName = "token"
+
 type Config struct {
 	Version                 bool              `usage:"show version and exit" env:""`
 	Bind                    string            `default:":8080" usage:"[host:port] to bind for serving HTTP"`
@@ -115,6 +117,7 @@ func Start(ctx context.Context, cfg *Config) error {
 		Key:          keyPair.PrivateKey.(*rsa.PrivateKey),
 		CookieMaxAge: cfg.CookieMaxAge,
 		CookieDomain: cookieDomain,
+		CookieName:   tokenCookieName,
 	})
 
 	proxy, err := NewProxy(cfg)