mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[FEATURE] Support secure websocket connections. (#656)
* Add WSS support for insecure scheme detection WSS connections were broken by the introduction of this check. Adding WSS as a supported scheme for secure connections prevents a 401 being returned for an authorised connection. * Add tests for WSS Also extend HTTPS tests to ensure they do not catch WSS URLs
This commit is contained in:
parent
82d8e1d57a
commit
829757d3bc
|
@ -22,6 +22,10 @@ func isSchemeHTTPS(url *url.URL) bool {
|
|||
return url.Scheme == "https"
|
||||
}
|
||||
|
||||
func isSchemeWSS(url *url.URL) bool {
|
||||
return url.Scheme == "wss"
|
||||
}
|
||||
|
||||
// getOriginalURL extract the URL from the request headers (X-Original-URI or X-Forwarded-* headers).
|
||||
func getOriginalURL(ctx *middlewares.AutheliaCtx) (*url.URL, error) {
|
||||
originalURL := ctx.XOriginalURL()
|
||||
|
@ -207,8 +211,8 @@ func VerifyGet(ctx *middlewares.AutheliaCtx) {
|
|||
return
|
||||
}
|
||||
|
||||
if !isSchemeHTTPS(targetURL) {
|
||||
ctx.Logger.Error(fmt.Errorf("Scheme of target URL %s must be 'https' since cookies are "+
|
||||
if !isSchemeHTTPS(targetURL) && !isSchemeWSS(targetURL) {
|
||||
ctx.Logger.Error(fmt.Errorf("Scheme of target URL %s must be secure since cookies are "+
|
||||
"only transported over a secure connection for security reasons", targetURL.String()))
|
||||
ctx.ReplyUnauthorized()
|
||||
return
|
||||
|
|
|
@ -588,7 +588,29 @@ func TestSchemeIsHTTPS(t *testing.T) {
|
|||
|
||||
assert.False(t, isSchemeHTTPS(
|
||||
GetURL("http://mytest.example.com/abc/?query=abc")))
|
||||
assert.False(t, isSchemeHTTPS(
|
||||
GetURL("ws://mytest.example.com/abc/?query=abc")))
|
||||
assert.False(t, isSchemeHTTPS(
|
||||
GetURL("wss://mytest.example.com/abc/?query=abc")))
|
||||
assert.True(t, isSchemeHTTPS(
|
||||
GetURL("https://mytest.example.com/abc/?query=abc")))
|
||||
|
||||
}
|
||||
|
||||
func TestSchemeIsWSS(t *testing.T) {
|
||||
GetURL := func(u string) *url.URL {
|
||||
x, err := url.ParseRequestURI(u)
|
||||
require.NoError(t, err)
|
||||
return x
|
||||
}
|
||||
|
||||
assert.False(t, isSchemeWSS(
|
||||
GetURL("ws://mytest.example.com/abc/?query=abc")))
|
||||
assert.False(t, isSchemeWSS(
|
||||
GetURL("http://mytest.example.com/abc/?query=abc")))
|
||||
assert.False(t, isSchemeWSS(
|
||||
GetURL("https://mytest.example.com/abc/?query=abc")))
|
||||
assert.True(t, isSchemeWSS(
|
||||
GetURL("wss://mytest.example.com/abc/?query=abc")))
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user