mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
92d328926d
* refactor(handlers): lower case error messages also refactor verifyAuth function to detect malicious activity both with session cookie and authorization header. * refacto(handlers): simplify error construction * fix(handlers): check prefix in authorization header to determine auth method * fix(handlers): determining the method should be done with headers instead of query arg * refacto(handlers): rollback changes of verifyAuth * don't lowercase log messages * Apply suggestions from code review Make sure logger errors are not lowercased. * fix: uppercase logger errors and remove unused param * Do not lowercase logger errors * Remove unused param targetURL * Rename url variable to not conflict with imported package Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
14 lines
537 B
Go
14 lines
537 B
Go
package handlers
|
|
|
|
import "errors"
|
|
|
|
// InternalError is the error message sent when there was an internal error but it should
|
|
// be hidden to the end user. In that case the error should be in the server logs.
|
|
const InternalError = "Internal error."
|
|
|
|
// UnauthorizedError is the error message sent when the user is not authorized.
|
|
const UnauthorizedError = "You're not authorized."
|
|
|
|
var errMissingXForwardedHost = errors.New("missing header X-Forwarded-Host")
|
|
var errMissingXForwardedProto = errors.New("missing header X-Forwarded-Proto")
|