Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307, a.k.a. StatusTemporaryRedirect, is used throughout the project. However, the endpoints that are redirected to explicitly expect the client to make a GET request. If an HTTP client issues a POST request to a server and receives an HTTP 307 redirect, it forwards the POST request to the new URL. When using 302, the HTTP client will issue a GET request. Fixes #287
parent
789d9a68cc
commit
5d284e08ae
7 changed files with 12 additions and 12 deletions
|
@ -170,7 +170,7 @@ func handleLoginFunc(lf oidc.LoginFunc, tpl *template.Template, idp *LocalIdenti
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Location", redirectURL)
|
w.Header().Set("Location", redirectURL)
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
return func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
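Review bot: `http.StatusFound` in handleLoginFunc (and the same line in both handleCallbackFunc hunks, redirectAuthError and the two handleAuthFunc hunks) only permits the client to switch to GET; it does not require it. RFC 7231 says a user agent MAY change POST to GET on a 302, whereas 303 is defined so that the follow-up request is a GET, which is why OAuth security guidance recommends 303 for a redirect that follows a credential-bearing POST. If this handler is reached by a POSTed login form (its body lies outside the hunk, so that is inferred), a client that keeps the method would still replay the form body to `redirectURL`. Consider `w.WriteHeader(http.StatusSeeOther)` at these sites, with `wantCode` in the tests updated to match.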
|
||||||
|
|
|
@ -101,7 +101,7 @@ func (c *OAuth2Connector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
w.Header().Set("Location", redirectURL)
|
w.Header().Set("Location", redirectURL)
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -171,7 +171,7 @@ func (c *OIDCConnector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL)
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Location", redirectURL)
|
w.Header().Set("Location", redirectURL)
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,5 +81,5 @@ func redirectAuthError(w http.ResponseWriter, err error, state string, redirectU
|
||||||
redirectURL.RawQuery = q.Encode()
|
redirectURL.RawQuery = q.Encode()
|
||||||
|
|
||||||
w.Header().Set("Location", redirectURL.String())
|
w.Header().Set("Location", redirectURL.String())
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
|
@ -211,7 +211,7 @@ func TestWriteAuthError(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRedirectAuthError(t *testing.T) {
|
func TestRedirectAuthError(t *testing.T) {
|
||||||
wantCode := http.StatusTemporaryRedirect
|
wantCode := http.StatusFound
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
err error
|
err error
|
||||||
|
|
|
@ -383,7 +383,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
|
||||||
q.Set("code", key)
|
q.Set("code", key)
|
||||||
ru := httpPathRegister + "?" + q.Encode()
|
ru := httpPathRegister + "?" + q.Encode()
|
||||||
w.Header().Set("Location", ru)
|
w.Header().Set("Location", ru)
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -404,7 +404,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
|
||||||
|
|
||||||
http.SetCookie(w, createLastSeenCookie())
|
http.SetCookie(w, createLastSeenCookie())
|
||||||
w.Header().Set("Location", lu)
|
w.Header().Set("Location", lu)
|
||||||
w.WriteHeader(http.StatusTemporaryRedirect)
|
w.WriteHeader(http.StatusFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
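Review bot: Both redirect sites in handleAuthFunc still set `Location` and call `WriteHeader` by hand, as do the other handlers touched by this commit, so the choice of redirect status is repeated at every call site. A small shared helper, or `http.Redirect(w, r, lu, http.StatusFound)` where the request is in scope, would keep the status in one place and make any later change a one-line edit. http.Redirect also writes a short HTML body for GET requests, so any test that inspects the response body would need checking. The handler body begins and ends outside both hunks, so whether `r` is available at these points is assumed.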
|
||||||
|
|
|
@ -104,7 +104,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
|
||||||
"connector_id": []string{"fake"},
|
"connector_id": []string{"fake"},
|
||||||
"scope": []string{"openid"},
|
"scope": []string{"openid"},
|
||||||
},
|
},
|
||||||
wantCode: http.StatusTemporaryRedirect,
|
wantCode: http.StatusFound,
|
||||||
wantLocation: "http://fake.example.com",
|
wantLocation: "http://fake.example.com",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
|
||||||
"connector_id": []string{"fake"},
|
"connector_id": []string{"fake"},
|
||||||
"scope": []string{"openid"},
|
"scope": []string{"openid"},
|
||||||
},
|
},
|
||||||
wantCode: http.StatusTemporaryRedirect,
|
wantCode: http.StatusFound,
|
||||||
wantLocation: "http://fake.example.com",
|
wantLocation: "http://fake.example.com",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
|
||||||
"connector_id": []string{"fake"},
|
"connector_id": []string{"fake"},
|
||||||
"scope": []string{"openid"},
|
"scope": []string{"openid"},
|
||||||
},
|
},
|
||||||
wantCode: http.StatusTemporaryRedirect,
|
wantCode: http.StatusFound,
|
||||||
wantLocation: "http://client.example.com/callback?error=unsupported_response_type&state=",
|
wantLocation: "http://client.example.com/callback?error=unsupported_response_type&state=",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -229,7 +229,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
|
||||||
"connector_id": []string{"fake"},
|
"connector_id": []string{"fake"},
|
||||||
"scope": []string{"openid"},
|
"scope": []string{"openid"},
|
||||||
},
|
},
|
||||||
wantCode: http.StatusTemporaryRedirect,
|
wantCode: http.StatusFound,
|
||||||
wantLocation: "http://fake.example.com",
|
wantLocation: "http://fake.example.com",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -242,7 +242,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
|
||||||
"connector_id": []string{"fake"},
|
"connector_id": []string{"fake"},
|
||||||
"scope": []string{"openid"},
|
"scope": []string{"openid"},
|
||||||
},
|
},
|
||||||
wantCode: http.StatusTemporaryRedirect,
|
wantCode: http.StatusFound,
|
||||||
wantLocation: "http://fake.example.com",
|
wantLocation: "http://fake.example.com",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|