fix app access regression when the app is on a leaf cluster (#47778) (#…
…49056)

* only redirect to the public addr of an app when an app redirect is required

* rename local variable from 'host' to 'addr'

* rename param

Co-authored-by: Andrew LeFevre <andrew.lefevre@goteleport.com>
avatus and capnspacehook authored Nov 15, 2024
1 parent c053ba2 commit 79064a5
Showing 2 changed files with 7 additions and 8 deletions.
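--- a/lib/web/app/handler.go
+++ b/lib/web/app/handler.go
@@ -622,11 +622,14 @@ const (
 //
 // The URL's are formed this way to help isolate the path params reserved for the app
 // launchers route, where order and existence of previous params matter for this route.
-func makeAppRedirectURL(r *http.Request, proxyPublicAddr, hostname string, req launcherURLParams) string {
+func makeAppRedirectURL(r *http.Request, proxyPublicAddr, addr string, req launcherURLParams) string {
+if req.requiresAppRedirect {
+addr = req.publicAddr
+}
 u := url.URL{
 Scheme: "https",
 Host: proxyPublicAddr,
-Path: fmt.Sprintf("/web/launch/%s", hostname),
+Path: fmt.Sprintf("/web/launch/%s", addr),
 }
 
 // Presence of a stateToken means we are beginning an app auth exchange.
@@ -639,7 +642,7 @@ func makeAppRedirectURL(r *http.Request, proxyPublicAddr, hostname string, req l
 v.Add("required-apps", req.requiredAppFQDNs)
 u.RawQuery = v.Encode()
 
-urlPath := []string{"web", "launch", hostname}
+urlPath := []string{"web", "launch", addr}
 
 // The order and existence of previous params matter.
 //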
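Review bot: The new override `if req.requiresAppRedirect { addr = req.publicAddr }` at the top of makeAppRedirectURL has no guard for an empty `req.publicAddr`, so the launcher path can come out as `/web/launch/` with no app address; the code this commit removes from lib/web/app/middleware.go fell back to `r.Host` in that case. Unless callers guarantee that requiresAppRedirect implies a non-empty publicAddr, which is not visible here, I would write `if req.requiresAppRedirect && req.publicAddr != "" {`. The same value is reused for `urlPath` in the second hunk, so both the initial path and the rebuilt one are affected. The doc comment should also say that the parameter is replaced on app redirects, e.g. `// addr is the app address from the request; req.publicAddr overrides it when req.requiresAppRedirect is set.` The function body continues outside both hunks.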
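--- a/lib/web/app/middleware.go
+++ b/lib/web/app/middleware.go
@@ -81,12 +81,8 @@ func (h *Handler) redirectToLauncher(w http.ResponseWriter, r *http.Request, p l
 "https://goteleport.com/docs/application-access/guides/connecting-apps/#start-authproxy-service.")
 return trace.BadParameter("public address of the proxy is not set")
 }
-host := p.publicAddr
-if host == "" {
-host = r.Host
-}
 
-addr, err := utils.ParseAddr(host)
+addr, err := utils.ParseAddr(r.Host)
 if err != nil {
 return trace.Wrap(err)
 }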
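Review bot: `utils.ParseAddr(r.Host)` now takes the launcher address solely from the client-supplied Host header, and nothing in this hunk documents why that is acceptable. Judging by the handler.go section of this commit, the value only ends up in the path of a URL whose host is `proxyPublicAddr`, so it presumably cannot steer the redirect off the proxy, but that depends on code outside the hunk. I would add a comment above the call such as `// r.Host is client-controlled: use it only as the launcher path segment, never as the redirect host; p.publicAddr is applied in makeAppRedirectURL.` A regression test for a request whose Host differs from the app's public address (the leaf-cluster case named in the title) would pin the behaviour. redirectToLauncher starts and ends outside the hunk.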
