From e124bf26d49a6d6c71708640daf481e4002471db Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 2 Dec 2017 22:35:25 +0000
Subject: [PATCH] Properly build the full URL for the 'd' parameter

---
 httpsso/handler.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/httpsso/handler.go b/httpsso/handler.go
index 75a61eb..f2a8123 100644
--- a/httpsso/handler.go
+++ b/httpsso/handler.go
@@ -142,7 +142,7 @@ func (s *SSOWrapper) redirectToLogin(w http.ResponseWriter, req *http.Request, s
 
 	v := make(url.Values)
 	v.Set("s", service)
-	v.Set("d", req.URL.String())
+	v.Set("d", getFullURL(req, "https").String())
 	v.Set("n", nonce)
 	v.Set("g", strings.Join(groups, ","))
 	loginURL := s.serverURL + "?" + v.Encode()
@@ -159,6 +159,16 @@ func pathFromService(service string) string {
 	return service[i:]
 }
 
+// Return a full URL from a HTTP request, assuming the given scheme
+// (the URL field in net/http.Request normally only contains path and
+// query args).
+func getFullURL(req *http.Request, scheme string) *url.URL {
+	u := *req.URL
+	u.Scheme = scheme
+	u.Host = req.Host
+	return &u
+}
+
 func makeUniqueNonce() string {
 	var b [8]byte
 	if _, err := rand.Read(b[:]); err != nil {
-- 
GitLab