From 5d284e08aecf59c6439814be640f748001f4e884 Mon Sep 17 00:00:00 2001 From: Frode Nordahl Date: Sat, 23 Jan 2016 22:33:53 +0100 Subject: [PATCH] Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302) HTTP code 307 aka. StatusTemporaryRedirect is used throughout the project. However, the endpoints redirected to explicitly expects the client to make a GET request. If a HTTP client issues a POST request to a server and receives a HTTP 307 redirect, it forwards the POST request to the new URL. When using 302 the HTTP client will issue a GET request. Fixes #287 --- connector/connector_local.go | 2 +- connector/connector_oauth2.go | 2 +- connector/connector_oidc.go | 2 +- server/error.go | 2 +- server/error_test.go | 2 +- server/http.go | 4 ++-- server/http_test.go | 10 +++++----- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/connector/connector_local.go b/connector/connector_local.go index e25dfa54..63a949ce 100644 --- a/connector/connector_local.go +++ b/connector/connector_local.go @@ -170,7 +170,7 @@ func handleLoginFunc(lf oidc.LoginFunc, tpl *template.Template, idp *LocalIdenti } w.Header().Set("Location", redirectURL) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) } return func(w http.ResponseWriter, r *http.Request) { diff --git a/connector/connector_oauth2.go b/connector/connector_oauth2.go index 4bc5f8ba..3a5ed145 100644 --- a/connector/connector_oauth2.go +++ b/connector/connector_oauth2.go @@ -101,7 +101,7 @@ func (c *OAuth2Connector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL return } w.Header().Set("Location", redirectURL) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) return } } diff --git a/connector/connector_oidc.go b/connector/connector_oidc.go index a5c54345..e7abb7eb 100644 --- a/connector/connector_oidc.go +++ b/connector/connector_oidc.go 
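Review bot: `http.StatusFound` in the closure that ends just before `return func(w http.ResponseWriter, r *http.Request)` in handleLoginFunc lets a client change POST to GET but does not require it. Only 303 guarantees the switch (RFC 7231), and the OAuth 2.0 security BCP (RFC 9700) recommends 303 for redirects that follow a request carrying credentials. This path presumably follows the login form POST, so a client that keeps the method on 302 would still replay the submitted form body to `redirectURL`; `w.WriteHeader(http.StatusSeeOther)` states the intent exactly. The same choice applies to the other `StatusFound` sites in this patch: both handleCallbackFunc hunks, redirectAuthError and the two in handleAuthFunc. The enclosing function starts before the hunk, so the POST origin is inferred from the commit description, not from visible lines.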
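Review bot: Setting `Location` and calling `w.WriteHeader` by hand in handleCallbackFunc (connector/connector_oauth2.go) repeats what `http.Redirect` already does and leaves the status constant spelled out at every call site, which is why this patch had to touch six handler locations. If the request is in scope as `r` here, `http.Redirect(w, r, redirectURL, http.StatusFound)` would replace both lines. It also writes a short HTML body on GET, so any test comparing response bodies would need checking. The same applies to the handleCallbackFunc hunk in connector/connector_oidc.go. The function begins and ends outside the hunk, so the name of the request variable is an assumption.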
@@ -171,7 +171,7 @@ func (c *OIDCConnector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL) } w.Header().Set("Location", redirectURL) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) return } } diff --git a/server/error.go b/server/error.go index 6bb2fc2f..3fd6b2bc 100644 --- a/server/error.go +++ b/server/error.go @@ -81,5 +81,5 @@ func redirectAuthError(w http.ResponseWriter, err error, state string, redirectU redirectURL.RawQuery = q.Encode() w.Header().Set("Location", redirectURL.String()) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) } diff --git a/server/error_test.go b/server/error_test.go index f86e408b..77c240f8 100644 --- a/server/error_test.go +++ b/server/error_test.go @@ -211,7 +211,7 @@ func TestWriteAuthError(t *testing.T) { } func TestRedirectAuthError(t *testing.T) { - wantCode := http.StatusTemporaryRedirect + wantCode := http.StatusFound tests := []struct { err error diff --git a/server/http.go b/server/http.go index 049ae778..ced52d30 100644 --- a/server/http.go +++ b/server/http.go @@ -383,7 +383,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T q.Set("code", key) ru := httpPathRegister + "?" + q.Encode() w.Header().Set("Location", ru) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) return } } @@ -404,7 +404,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T http.SetCookie(w, createLastSeenCookie()) w.Header().Set("Location", lu) - w.WriteHeader(http.StatusTemporaryRedirect) + w.WriteHeader(http.StatusFound) return } } diff --git a/server/http_test.go b/server/http_test.go index 0820a7ce..f7262b19 100644 --- a/server/http_test.go +++ b/server/http_test.go 
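Review bot: redirectAuthError in server/error.go has no comment recording why the status is 302, so a later cleanup could restore 307 and bring back the replayed POST described in the commit message. A line above the `w.WriteHeader` call such as `// 302, not 307: the client redirect URI must be fetched with GET; 307 makes the user agent repeat the original method and body.` would keep the reason next to the code. The function starts outside the hunk, so an existing doc comment on its signature may already cover part of this.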
@@ -104,7 +104,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) { "connector_id": []string{"fake"}, "scope": []string{"openid"}, }, - wantCode: http.StatusTemporaryRedirect, + wantCode: http.StatusFound, wantLocation: "http://fake.example.com", }, @@ -117,7 +117,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) { "connector_id": []string{"fake"}, "scope": []string{"openid"}, }, - wantCode: http.StatusTemporaryRedirect, + wantCode: http.StatusFound, wantLocation: "http://fake.example.com", }, @@ -153,7 +153,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) { "connector_id": []string{"fake"}, "scope": []string{"openid"}, }, - wantCode: http.StatusTemporaryRedirect, + wantCode: http.StatusFound, wantLocation: "http://client.example.com/callback?error=unsupported_response_type&state=", }, @@ -229,7 +229,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) { "connector_id": []string{"fake"}, "scope": []string{"openid"}, }, - wantCode: http.StatusTemporaryRedirect, + wantCode: http.StatusFound, wantLocation: "http://fake.example.com", }, @@ -242,7 +242,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) { "connector_id": []string{"fake"}, "scope": []string{"openid"}, }, - wantCode: http.StatusTemporaryRedirect, + wantCode: http.StatusFound, wantLocation: "http://fake.example.com", },