Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ignore query string when using X-Forwarded-Uri #1025

Merged
merged 1 commit into from Nov 8, 2022
Merged

fix: ignore query string when using X-Forwarded-Uri #1025

merged 1 commit into from Nov 8, 2022

Conversation

pingiun
Copy link
Contributor

@pingiun pingiun commented Oct 18, 2022

Related issue(s)

Fixes #1003

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • N/A: I have added or changed the documentation.

Further Comments

@pingiun pingiun requested a review from aeneasr as a code owner October 18, 2022 16:33
@codecov
Copy link

codecov bot commented Oct 18, 2022
edited

Codecov Report

Merging #1025 (8e6a712) into master (b9365a6) will decrease coverage by 0.86%.
The diff coverage is 100.00%.

❗ Current head 8e6a712 differs from pull request most recent head 7be1366. Consider uploading reports for the commit 7be1366 to get more accurate results

@@            Coverage Diff             @@
##           master    #1025      +/-   ##
==========================================
- Coverage   78.70%   77.83%   -0.87%     
==========================================
  Files          83       82       -1     
  Lines        3869     3952      +83     
==========================================
+ Hits         3045     3076      +31     
- Misses        554      597      +43     
- Partials      270      279       +9
Impacted Files Coverage Δ
api/decision.go 95.55% <100.00%> (ø)
internal/cloudstorage/setup.go 60.13% <0.00%> (-9.10%) ⬇️
x/url.go 60.00% <0.00%> (ø)
x/trace.go 75.00% <0.00%> (ø)
api/rule.go 52.17% <0.00%> (ø)
cmd/root.go 15.38% <0.00%> (ø)
x/router.go 100.00% <0.00%> (ø)
cmd/rules.go 50.00% <0.00%> (ø)
cmd/serve.go 100.00% <0.00%> (ø)
... and 74 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@pingiun pingiun force-pushed the fix-query-string-forwarded-header branch from 7b22d88 to 633f53f Compare October 19, 2022 11:39
@pingiun pingiun force-pushed the fix-query-string-forwarded-header branch from 633f53f to 7be1366 Compare November 7, 2022 13:16
@pingiun
Copy link
Contributor Author

pingiun commented Nov 7, 2022

@aeneasr could I get a review on this? This is basically a perfect PR:

  • It fixes a real bug that blocks some people from using oathkeeper (unable to use traefik+oathkeeper currently)
  • It's very small, easy to review
  • It includes tests

I don't want to keep updating my branch from master, just to get no responses

@aeneasr
Copy link
Member

aeneasr commented Nov 8, 2022

Absolutely, sorry for the long review time and ping! :)

@aeneasr aeneasr merged commit 6fa3978 into ory:master Nov 8, 2022
@pingiun pingiun deleted the fix-query-string-forwarded-header branch November 8, 2022 08:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Using X-Forwarded-Uri header does not URL-decode or filter queries before matching rules
2 participants
@pingiun @aeneasr