When multiple instances of oauth-proxy are installed in the same k8s cluster, for example one instance for dev and a second one for qa purposes, the cookies generated for the two instances will have the same Domain yourcompany.com. The browser will submit both cookies with different names, given by the -cookie-name parameter.
Scale this to multiple instances used for various purposes, and the cookie size increases unnecessarily, breaking the nginx proxy default configuration.
Expected Behavior
The configuration of the cookie being generated by one oauth-proxy instance should allow enough flexibility for the cookie to take into consideration the domain and path, standard attributes of the cookie.
In the scenario described above, the cookie generated by the dev instance of the proxy should have Domain yourcompany.com and Path /dev while the one for the qa instance should have Domain yourcompany.com and Path /qa. Thus, only the correct cookie generated by the oauth-proxy instance is being sent by the browser.
Current Behavior
Multiple cookies are being sent to the oauth-proxy instance increasing the header size, breaking the nginx proxy configuration.
The current implementation is hardcoding the Path to / thus removing the Cookie's flexibility to be specific for one path.
Possible Solution
Expose the standard Path attribute as an oauth-proxy configuration parameter under -cookie-path to allow customisation of the Cookie's standard attribute. If left empty, then the Path should be defaulted to / as it is now.
Steps to Reproduce (for bugs)
1. Install an oauth-proxy instance to the k8s cluster for the dev environment under -proxy-prefix=/dev/oauth.
2. Install an oauth-proxy instance to the k8s cluster for the qa environment under -proxy-prefix=/qa/oauth.
3. Invoke an application secured by the qa proxy. Check for the cookies being sent by the browser.
4. Both cookies are being sent, not only the qa one. There is no way to configure the cookie with the current implementation.
Context
Your Environment
Version used: 3.1.0
I will create a PR with the solution proposed in the description, creating a new optional config parameter called -cookie-path, with the default value set to /, allowing the Path attribute of the Cookie to be configured.
costelmoraru changed the title from "Cookie path is hardcoded to / limiting to one use the -cookie-domain field." to "Cookie path is hardcoded to / limiting to only use the -cookie-domain field." on Apr 9, 2019
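The behaviour reported in this issue, reproduced with Go's standard net/http/cookiejar, which applies the same domain and path matching a browser does. This is an added example, not code from oauth-proxy or from the issue author; the cookie names, the 3000-byte values, the /callback suffix and the deployments helper are constructed for illustration, and cookiePath stands in for the proposed -cookie-path value.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
	"strings"
)

// instance is one proxy deployment. Cookie names and values are constructed
// sample data; cookiePath stands in for the proposed -cookie-path value.
type instance struct{ env, cookieName, cookiePath string }

const host = "yourcompany.com" // domain used in the issue text

// sentTo stores one session cookie per instance in a browser-like jar, then
// returns the cookie names and name=value bytes attached to a request for reqPath.
func sentTo(reqPath string, instances []instance) ([]string, int) {
	jar, _ := cookiejar.New(nil) // error is always nil for nil options
	for _, in := range instances {
		// Constructed URL under the instance's proxy prefix that sets the cookie.
		setURL := &url.URL{Scheme: "https", Host: host, Path: "/" + in.env + "/oauth/callback"}
		jar.SetCookies(setURL, []*http.Cookie{{
			Name: in.cookieName, Value: strings.Repeat("x", 3000), // constructed session blob
			Domain: host, Path: in.cookiePath, Secure: true, HttpOnly: true,
		}})
	}
	var names []string
	size := 0
	for _, c := range jar.Cookies(&url.URL{Scheme: "https", Host: host, Path: reqPath}) {
		names = append(names, c.Name)
		size += len(c.Name) + 1 + len(c.Value)
	}
	return names, size
}

// deployments builds the dev and qa instances with either the hardcoded "/"
// path (current behaviour) or a per-environment path (proposed behaviour).
func deployments(scoped bool) []instance {
	out := []instance{{"dev", "_oauth2_proxy_dev", "/"}, {"qa", "_oauth2_proxy_qa", "/"}}
	if scoped {
		out[0].cookiePath, out[1].cookiePath = "/dev", "/qa"
	}
	return out
}

func main() {
	for _, scoped := range []bool{false, true} {
		names, size := sentTo("/qa/app", deployments(scoped))
		fmt.Printf("scoped=%v sent=%v bytes=%d\n", scoped, names, size)
	}
}
```

Path scoping reduces what the browser attaches to each request, but RFC 6265 does not treat Path as an isolation boundary between applications on the same host, so dev and qa sessions still need separate cookie names and secrets.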