Is your feature request related to a problem? Please describe.
The Skipper webhook filter allows requests to be filtered based on the status code received from an authorisation/authentication endpoint. By default, Skipper will return an empty response with a status code of 401 or 403 if a request is rejected.
This behaviour is well-suited to API traffic, but doesn't work for frontend traffic where the user agent should be redirected upon rejection.
Describe the solution you would like
When an authentication endpoint returns a HTTP redirect - i.e. a HTTP 302 Found - then Skipper should return that redirect to the user agent.
These changes would be limited to:
Introducing a new conditional to catch responses with a status code of 302 - in webhook.go#L124-L128.
Introducing a new function - redirect - which is the equivalent of the existing reject function - in auth.go#L136-L142 - but copies the Location header from the authentication endpoint response.
This should not be a breaking change as currently 302 Found has no specific meaning to the webhook filter: it's caught by the default behaviour which returns 401 Unauthorized.
Would you like to work on it?
Yes, I have a Pull Request prepared - #3131
This commit changes the behaviour of the webhook filter when a 302 Found
response is received from the AuthN/AuthZ endpoint. As a result, it allows
front-end facing (i.e. non-API) traffic to be filtered via the webhook.
Documentation updates and increased test coverage are included.
Incidental: Prevent the webhook client from following redirects from the
AuthN/AuthZ endpoint: during testing I realised that the default `net/http`
behaviour was in use - i.e. redirects were followed.
Signed-off-by: Fergus Morrow <fergus@ometria.com>
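
The redirect-following behaviour mentioned in the commit message, as an added example that is not code from the Skipper project or the pull request: a constructed stub auth endpoint is queried once with Go's default `net/http` client and once with a client whose `CheckRedirect` returns `http.ErrUseLastResponse`. The names `newAuthStub`, `probe` and `noFollowClient` and the `/check` and `/login` paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newAuthStub is a constructed stand-in for an AuthN/AuthZ endpoint: it
// answers /check with 302 Found to /login, and /login itself with 200 OK.
func newAuthStub() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/check", func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/login", http.StatusFound)
	})
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	return httptest.NewServer(mux)
}

// probe calls the auth endpoint and returns the status code and Location
// header that a calling filter would base its decision on.
func probe(c *http.Client, url string) (int, string, error) {
	rsp, err := c.Get(url)
	if err != nil {
		return 0, "", err
	}
	defer rsp.Body.Close()
	return rsp.StatusCode, rsp.Header.Get("Location"), nil
}

// noFollowClient hands back the 3xx response itself instead of following it.
func noFollowClient() *http.Client {
	return &http.Client{
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

func main() {
	srv := newAuthStub()
	defer srv.Close()
	for name, c := range map[string]*http.Client{"default": {}, "no-follow": noFollowClient()} {
		code, loc, err := probe(c, srv.URL+"/check")
		fmt.Printf("%-9s status=%d location=%q err=%v\n", name, code, loc, err)
	}
}
```

With the default client the caller sees the status of the redirect target and no `Location` header, so the 302 from the auth endpoint never reaches the code that decides between allow, reject and redirect.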