Enable UseEncodedPath() for frontend mux

This allows urls with encoded characters (e.g.: /%2F/) to pass to the upstream mux instead of triggering a HTTP 301 from the frontend. Otherwise a /%2F/test/ will result in a HTTP 301 -> /test/
2021-08-09 12:46:26 +00:00 · 2021-08-09 12:46:26 +00:00 · ae72beb24e
commit ae72beb24e
parent ccbb98acd9
2 changed files with 12 additions and 1 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -265,7 +265,9 @@ func (p *OAuthProxy) setupServer(opts *options.Options) error {
 }

 func (p *OAuthProxy) buildServeMux(proxyPrefix string) {
-	r := mux.NewRouter()
+	// Use the encoded path here so we can have the option to pass it on in the upstream mux.
+	// Otherwise something like /%2F/ would be redirected to / here already.
+	r := mux.NewRouter().UseEncodedPath()
 	// Everything served by the router must go through the preAuthChain first.
 	r.Use(p.preAuthChain.Then)

--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@ -915,6 +915,15 @@ func TestUserInfoEndpointUnauthorizedOnNoCookieSetError(t *testing.T) {
 	assert.Equal(t, http.StatusUnauthorized, test.rw.Code)
 }

+func TestEncodedUrlsStayEncoded(t *testing.T) {
+	encodeTest, err := NewSignInPageTest(false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	code, _ := encodeTest.GetEndpoint("/%2F/test1/%2F/test2")
+	assert.Equal(t, 403, code)
+}
+
 func NewAuthOnlyEndpointTest(querystring string, modifiers ...OptionsModifier) (*ProcessCookieTest, error) {
 	pcTest, err := NewProcessCookieTestWithOptionsModifiers(modifiers...)
 	if err != nil {