basicauth: Don't remove Authorization header on good auth (fixes #1508)
parent
5a41e8bc1a
commit
6aa0e30af3
2 changed files with 5 additions and 9 deletions
|
@ -62,13 +62,8 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
|
|||
// by this point, authentication was successful
|
||||
isAuthenticated = true
|
||||
|
||||
// remove credentials from request to avoid leaking upstream
|
||||
r.Header.Del("Authorization")
|
||||
|
||||
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated
|
||||
// user; this replaces the request with a wrapped instance
|
||||
r = r.WithContext(context.WithValue(r.Context(),
|
||||
caddy.CtxKey("remote_user"), username))
|
||||
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated user
|
||||
r = r.WithContext(context.WithValue(r.Context(), caddy.CtxKey("remote_user"), username))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
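Review bot: After this change the client's Basic credentials stay on the request for every handler that runs after basicauth, and the new comment above `r = r.WithContext(...)` no longer mentions the header at all. The removed comment gave the reason for the deletion (avoiding a leak upstream), so the reversal deserves an explicit statement of intent, for example `// Authorization is deliberately left on the request (see #1508); a handler that forwards to a backend which should not see these credentials must remove the header itself`. Whether the proxy or fastcgi handlers drop the header on their own is not visible here, so that is worth confirming and stating in the basicauth documentation. ServeHTTP begins outside the hunk and appears to continue past it.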
@ -92,8 +92,9 @@ func TestBasicAuth(t *testing.T) {
|
|||
t.Errorf("Test %d: response should have a 'Www-Authenticate' header", i)
|
||||
}
|
||||
} else {
|
||||
if got, want := req.Header.Get("Authorization"), ""; got != want {
|
||||
t.Errorf("Test %d: Expected Authorization header to be stripped from request after successful authentication, but is: %s", i, got)
|
||||
if req.Header.Get("Authorization") == "" {
|
||||
// see issue #1508: https://github.com/mholt/caddy/issues/1508
|
||||
t.Errorf("Test %d: Expected Authorization header to be retained after successful auth, but was empty", i)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
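Review bot: The new check `if req.Header.Get("Authorization") == ""` fails only when the header is missing, so a handler that rewrote or truncated the value would still pass. Comparing against the value the test put on the request pins the behaviour #1508 asks for, e.g. `if got := req.Header.Get("Authorization"); got != want {`, with `want` holding the header set before the ServeHTTP call. That setup is outside the hunk, so `want` is a placeholder name. TestBasicAuth begins and ends outside the hunk.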