feat: Add support for X-Forwarded-Proto header #665
Thank you, this looks great!
Could you please add a test or two to ensure this doesn't regress in future changes?
Are you still up for the changes? :) If you need any help, let us know!
Hi @aeneasr I am very sorry for the lack of update. I hadn't been spending time on using oathkeeper in the past weeks.
I have originally assumed that I could add additional test onto Where should I add the test to? Is it appropriate to create a new folder for this? For example:
07876ee
to
0a089d9
Compare
No problem! The best place to test this is probably here: https://github.com/ory/oathkeeper/blob/0a089d9f513160c9792027bd2057a2180a1be3a6/proxy/proxy_test.go#L47
Hi @aeneasr, I have added some new tests that add Before commit: 62e657e
After commit: 62e657e
However, (1) Reference

```go
func EnrichRequestedURL(r *http.Request) {
	r.URL.Scheme = "http"
	r.URL.Host = r.Host
	if r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
	// ^^^^^
	//
	// In the tests, r.TLS is always `nil`.
		r.URL.Scheme = "https"
	}
}
```
Cool! Yeah, to enable HTTPS you would need to use If you want, you can set up a minimal new test case just for that function with both TLS enabled and disabled!
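The minimal test case suggested above (TLS enabled and disabled), as an added example that is not part of the original thread or the oathkeeper repository. It copies the `EnrichRequestedURL` snippet quoted earlier; `SchemeFor`, the host and the path are constructed for illustration, and the comma-separated header value goes beyond the cases discussed in the thread.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// EnrichRequestedURL as quoted in the thread above.
func EnrichRequestedURL(r *http.Request) {
	r.URL.Scheme = "http"
	r.URL.Host = r.Host
	if r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
		r.URL.Scheme = "https"
	}
}

// SchemeFor (hypothetical helper) builds a constructed request, optionally
// marks it as received over TLS and/or sets X-Forwarded-Proto, then returns
// the URL that EnrichRequestedURL produces.
func SchemeFor(overTLS bool, forwardedProto string) string {
	r := httptest.NewRequest(http.MethodGet, "/rules?limit=1", nil)
	r.Host = "gateway.example.test" // constructed host
	if overTLS {
		r.TLS = &tls.ConnectionState{} // non-nil is all the function checks
	}
	if forwardedProto != "" {
		r.Header.Set("X-Forwarded-Proto", forwardedProto)
	}
	EnrichRequestedURL(r)
	return r.URL.String()
}

func main() {
	cases := []struct {
		overTLS bool
		header  string
	}{
		{false, ""}, {false, "https"}, {false, "HTTPS"}, {false, "http"},
		{false, "https, http"}, // list value is not matched by EqualFold
		{true, ""}, {true, "http"}, // TLS on the listener always wins
	}
	for _, c := range cases {
		fmt.Printf("tls=%-5v X-Forwarded-Proto=%-13q -> %s\n", c.overTLS, c.header, SchemeFor(c.overTLS, c.header))
	}
}
```

Because the header alone switches the scheme on a plaintext request, its value should come from a proxy that overwrites whatever the client sent.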
Are you still up for the changes? 🧐 If you need any help, let us know! I'll convert this to a draft in the meanwhile. When it's ready for review again, please remove the draft indicator! 👀
Hi @aeneasr, do you really think testing is necessary for such a simple feature?
Tests are important to open source projects because they allow reviewers to better judge if the changes are doing what was intended. They also ensure that your changes never regress / break when someone else works on code that is related to this. If you need help with the tests feel free to push your work in progress and ping myself or another maintainer 🙋
Does the |
0a089d9
to
34ce3a7
Compare
34ce3a7
to
a79ba8b
Compare
Added the test I was looking for: 67221fb Will merge when tests pass :)
Codecov Report
@@ Coverage Diff @@
## master #665 +/- ##
==========================================
+ Coverage 62.47% 62.51% +0.04%
==========================================
Files 102 102
Lines 4813 4813
==========================================
+ Hits 3007 3009 +2
+ Misses 1531 1530 -1
+ Partials 275 274 -1
Continue to review full report at Codecov.
Related issue
Addresses #153
Context: #153 (comment)
Proposed changes
Check X-Forwarded-Proto header inside proxy.(*Proxy) EnrichRequestedURL using the same logic in #638
Checklist
vulnerability. If this pull request addresses a security vulnerability, I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
works.
Further comments