Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
Encode full URL in state, not just path. Use encoded URL for
cross-domain redirect. This is useful for OAuth2 providers that
do not support multiple callback URLs, like https://oauth.yandex.com/
|
|
Really use application/x-www-form-urlencoded
instead of query paramaters.
Apparently, Google and LinkedIn are too tolerant. Yandex is not.
|
|
https://tech.yandex.com/oauth/
|
|
From RFC 7231:
6.6.3. 502 Bad Gateway
The 502 (Bad Gateway) status code indicates that the server, while
acting as a gateway or proxy, received an invalid response from an
inbound server it accessed while attempting to fulfill the request.
|
|
|
|
|
|
Motivation: to make it easy to switch Sproxy's primary port.
This could be useful when running private (behind Sproxy) and public
(e. g. nginx) HTTPS services on the same server. In such a setup
one can use port 443 for public services and alt. HTTPS port 8443
for Sproxy.
Before this change, Sproxy took possible port number into account
when looking for backend and privileges. Now it ignores port and
considers domain name only.
This also gets Sproxy in line with browsers and SSL certificates:
certificates do not include port numbers, browsers ignore ports
when sending cookies.
|
|
This feature was ambiguous (in the same way as paths are)
and never used anyway.
|
|
This changes semantics of these options:
- key
- oauth2.<provider>.client_secret
They are no longer files, but strings. To read content
from files, use !include. The point of being files or
read from files is to segregate secrets from non-sensitive
easily discoverable settings. With !include it is much
more simple and flexible.
|
|
This can be useful when Sproxy is behind some
other proxy or load-balancer.
|
|
|
|
Use persistent prepared statements for PostgreSQL data source.
Import should be faster from now on.
|
|
|
|
Especially X-Family-Name, X-Given-Name.
Since we get all the data from JSON and JSON is in UTF8
by default RFC 7159, we are safe.
Refactored to make it less error-prone and to get
as small number of encoding/decoding as possible.
|
|
|
|
We have our own traps and logging.
|
|
|
|
|
|
|
|
By underlying HTTP Client or WAI
|
|
|
|
If method of the original query is GET,
redirect to original path with query parameters.
Otherwise redirect to "/".
Previously, when unauthenticated users click on "https://example.net/foo?bar",
they are redirected to "https://example.net/foo" after authentication.
Now, they will be redirected to "https://example.net/foo?bar"
|
|
|