Commit 6387bf4c authored by ale's avatar ale

Block default favicon requests

If we don't, they will trigger the login handler and invalidate the
current session (if any), which prevents the user from being able to
log in.
parent c9da7d18
......@@ -122,6 +122,13 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
return nil, err
}
root.Handle(h.urlFor("/favicon.ico"), siteFavicon)
} else if urlPrefix == "" {
// Block default favicon requests (created by error pages, or
// if we don't set a custom favicon) *before* the login
// handler runs, or it will invalidate the session!
root.HandleFunc(h.urlFor("/favicon.ico"), func(w http.ResponseWriter, r *http.Request) {
http.NotFound(w, r)
})
}
// Serve static content to anyone.
......@@ -212,6 +219,13 @@ func (h *Server) loginCallback(ctx context.Context, username, password string, u
// signing a token with the user's identity. The client is redirected back to
// the original service, with the signed token.
func (h *Server) handleGrantTicket(w http.ResponseWriter, req *http.Request) {
// We need this check here because this handler is usually
// mounted at the application root.
if req.URL.Path != h.urlFor("/") {
http.NotFound(w, req)
return
}
// Extract the authorization request parameters from the HTTP
// request query args.
//
......@@ -380,15 +394,6 @@ func parseEmbeddedTemplates() *template.Template {
return root
}
// Template helper function that encodes its input as JSON.
func toJSON(obj interface{}) string {
data, err := json.Marshal(obj)
if err != nil {
return ""
}
return string(data)
}
func sl2bl(sl []string) [][]byte {
var out [][]byte
for _, s := range sl {
......@@ -424,6 +429,15 @@ func intersectGroups(a, b []string) []string {
return out
}
// Template helper function that encodes its input as JSON.
func toJSON(obj interface{}) string {
data, err := json.Marshal(obj)
if err != nil {
return ""
}
return string(data)
}
// Return an integrity= attribute for the given URI (which should be
// supplied without an eventual prefix).
func sriIntegrity(uri string) template.HTML {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment