Commit 6387bf4c authored by ale's avatar ale

Block default favicon requests

If we don't, they will trigger the login handler and invalidate the
current session (if any), which prevents the user from being able to
log in.
parent c9da7d18
1 merge request!6Refactor the login handler
...@@ -122,6 +122,13 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi ...@@ -122,6 +122,13 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
return nil, err return nil, err
} }
root.Handle(h.urlFor("/favicon.ico"), siteFavicon) root.Handle(h.urlFor("/favicon.ico"), siteFavicon)
} else if urlPrefix == "" {
// Block default favicon requests (created by error pages, or
// if we don't set a custom favicon) *before* the login
// handler runs, or it will invalidate the session!
root.HandleFunc(h.urlFor("/favicon.ico"), func(w http.ResponseWriter, r *http.Request) {
http.NotFound(w, r)
})
} }
// Serve static content to anyone. // Serve static content to anyone.
...@@ -212,6 +219,13 @@ func (h *Server) loginCallback(ctx context.Context, username, password string, u ...@@ -212,6 +219,13 @@ func (h *Server) loginCallback(ctx context.Context, username, password string, u
// signing a token with the user's identity. The client is redirected back to // signing a token with the user's identity. The client is redirected back to
// the original service, with the signed token. // the original service, with the signed token.
func (h *Server) handleGrantTicket(w http.ResponseWriter, req *http.Request) { func (h *Server) handleGrantTicket(w http.ResponseWriter, req *http.Request) {
// We need this check here because this handler is usually
// mounted at the application root.
if req.URL.Path != h.urlFor("/") {
http.NotFound(w, req)
return
}
// Extract the authorization request parameters from the HTTP // Extract the authorization request parameters from the HTTP
// request query args. // request query args.
// //
...@@ -380,15 +394,6 @@ func parseEmbeddedTemplates() *template.Template { ...@@ -380,15 +394,6 @@ func parseEmbeddedTemplates() *template.Template {
return root return root
} }
// Template helper function that encodes its input as JSON.
func toJSON(obj interface{}) string {
data, err := json.Marshal(obj)
if err != nil {
return ""
}
return string(data)
}
func sl2bl(sl []string) [][]byte { func sl2bl(sl []string) [][]byte {
var out [][]byte var out [][]byte
for _, s := range sl { for _, s := range sl {
...@@ -424,6 +429,15 @@ func intersectGroups(a, b []string) []string { ...@@ -424,6 +429,15 @@ func intersectGroups(a, b []string) []string {
return out return out
} }
// Template helper function that encodes its input as JSON.
func toJSON(obj interface{}) string {
data, err := json.Marshal(obj)
if err != nil {
return ""
}
return string(data)
}
// Return an integrity= attribute for the given URI (which should be // Return an integrity= attribute for the given URI (which should be
// supplied without an eventual prefix). // supplied without an eventual prefix).
func sriIntegrity(uri string) template.HTML { func sriIntegrity(uri string) template.HTML {
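Review bot: The favicon block in the first hunk is only registered on the `else if urlPrefix == ""` branch, and nothing in the hunk says why a configured prefix needs no such guard; presumably with a non-empty prefix the session-invalidating handler is no longer mounted at `/`, so a browser's bare `/favicon.ico` request never reaches it, but that mount code is outside the hunk. A one-line comment on the `else if` would spare the next reader from re-deriving this, e.g. `// With a URL prefix the login handler is not mounted at "/", so stray /favicon.ico requests never reach it.` (confirm against the handler registration further down in New). The exact-path check added to handleGrantTicket in the second hunk already answers `/favicon.ico` with 404 whenever that is the handler at the root, so the two changes overlap; if that is intended, say in the favicon comment that it is a belt-and-braces guard so the redundancy reads as deliberate. The body of New starts and ends outside the first hunk.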