Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect to HTTPS first before basic auth if header redirect (secure) is set #3187

Merged
merged 2 commits into from
Apr 16, 2018
Merged

Redirect to HTTPS first before basic auth if header redirect (secure) is set #3187

merged 2 commits into from
Apr 16, 2018

Conversation

SantoDE
Copy link
Collaborator

@SantoDE SantoDE commented Apr 13, 2018

What does this PR do?

Fixes #3134 by moving the order of middleware invoking

Motivation

Don't transfer basic auth credentials over an insecure connection if security headers are set.

@traefiker traefiker added this to the 1.6 milestone Apr 13, 2018
@SantoDE SantoDE changed the title fix: redirect to HTTPS first before basic auth if Redirect is set fix: redirect to HTTPS first before basic auth if header redirect (escure) is set Apr 13, 2018
@SantoDE SantoDE changed the title fix: redirect to HTTPS first before basic auth if header redirect (escure) is set fix: redirect to HTTPS first before basic auth if header redirect (secure) is set Apr 13, 2018
mmatur
mmatur requested changes Apr 13, 2018
View reviewed changes
server/server.go Outdated
n.UseFunc(secureMiddleware.HandlerFuncWithNextForRequestOnly)
}

if config.Backends[frontend.Backend].Buffering != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bye bye Buffering 👋

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Buffering is for the weak.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing happened @dtomcej @mmatur :D 😇

mmatur
mmatur approved these changes Apr 16, 2018
View reviewed changes
Copy link
Member

@mmatur mmatur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nmengin
nmengin approved these changes Apr 16, 2018
View reviewed changes
Copy link
Contributor

@nmengin nmengin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

juliens
juliens approved these changes Apr 16, 2018
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@traefiker traefiker merged commit 0e3d1e1 into traefik:v1.6 Apr 16, 2018
@traefiker traefiker mentioned this pull request Apr 16, 2018
Closed
@mmatur mmatur changed the title fix: redirect to HTTPS first before basic auth if header redirect (secure) is set Redirect to HTTPS first before basic auth if header redirect (secure) is set Apr 16, 2018
@jbdoumenjou jbdoumenjou mentioned this pull request Jun 13, 2018
Closed
@SantoDE SantoDE deleted the bug/3134 branch October 12, 2018 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dtomcej dtomcej dtomcej left review comments

@juliens juliens juliens approved these changes

@mmatur mmatur mmatur approved these changes

@nmengin nmengin nmengin approved these changes

Assignees
No one assigned
Labels
area/middleware kind/bug/fix a bug fix size/S
Projects
None yet
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
7 participants
@SantoDE @juliens @mmatur @nmengin @dtomcej @ldez @traefiker