No errors logged when Set-cookie header is not sent in response due to an invalid cookie #264

rmtobin · 2016-06-09T22:08:16Z

oauth2_proxy currently will silently fail to complete authentication if an invalid cookie name is set, perpetually redirecting the user back to the login screen with no errors logged.

This seems to be due to the behavior of Go's http.SetCookie method which according to the docs: The provided cookie must have a valid Name. Invalid cookies may be silently dropped.. Since oauth2_proxy's authentication relies on setting a cookie, there should be validation that the MakeCookie method makes a valid cookie, and subsequently, that the Set-Cookie header is actually included in the response headers.

The text was updated successfully, but these errors were encountered:

tanuck mentioned this issue Jul 17, 2016

Validate cookie name #278

Merged

jehiah closed this as completed in #278 Jul 19, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

No errors logged when Set-cookie header is not sent in response due to an invalid cookie #264

No errors logged when Set-cookie header is not sent in response due to an invalid cookie #264

rmtobin commented Jun 9, 2016

No errors logged when Set-cookie header is not sent in response due to an invalid cookie #264

No errors logged when Set-cookie header is not sent in response due to an invalid cookie #264

Comments

rmtobin commented Jun 9, 2016