fix(server): Fix issue with auto oauth redirect URL in callback and handle proxies #6175
Conversation
handle proxies Signed-off-by: Stefan Sedich <[email protected]>
|
@alexec this one will be needed too, sorry about that I goofed with the first PR and turns out I had not quite gotten things right, teach me for not testing properly 😢 |
Codecov Report
@@ Coverage Diff @@
## master #6175 +/- ##
==========================================
- Coverage 47.55% 47.53% -0.02%
==========================================
Files 250 250
Lines 15806 15809 +3
==========================================
- Hits 7516 7515 -1
+ Misses 7353 7352 -1
- Partials 937 942 +5
Continue to review full report at Codecov.
|
| @@ -307,8 +308,8 @@ func (as *argoServer) newHTTPServer(ctx context.Context, port int, artifactServe | |||
| mux.HandleFunc("/input-artifacts/", artifactServer.GetInputArtifact) | |||
| mux.HandleFunc("/artifacts-by-uid/", artifactServer.GetOutputArtifactByUID) | |||
| mux.HandleFunc("/input-artifacts-by-uid/", artifactServer.GetInputArtifactByUID) | |||
| mux.HandleFunc("/oauth2/redirect", as.oAuth2Service.HandleRedirect) | |||
| mux.HandleFunc("/oauth2/callback", as.oAuth2Service.HandleCallback) | |||
| mux.Handle("/oauth2/redirect", handlers.ProxyHeaders(http.HandlerFunc(as.oAuth2Service.HandleRedirect))) | |||
There was a problem hiding this comment.
Using the ProxyHeaders handler r.URL.Scheme will be populated if any of the x-forwarded-proto headers are set by the proxy, this ensures things work properly even when Argo is running insecure behind a proxy terminating TLS.
Turns out I didn't quite get #6167 quite right, two things needed to be addressed:
s.secureto decide if we use http or https for the callback falls down when we are behind a proxy and are not running in secure modeThis PR addresses the two issues above and ensures things actually work as I originally intended.
Checklist: