-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
auth: use better guesses for "aud" claim
This expands the guess at an allowable JWT audience, instead of always using the request's URL. This was incorrect if any request proxying was happening, and it almost certainly was. The code now examines the "Forwarded" header as described in RFC 7239 (https://tools.ietf.org/html/rfc7239#section-4), the various non-standard "X-Forwarded-" headers, and the request URL and guesses an acceptable audience based on the first that exists. Signed-off-by: Hank Donnay <hdonnay@redhat.com>
- Loading branch information
Showing
1 changed file
with
62 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters