Log in with OIDC not work with MINIO_DOMAIN (#8558) (#8559)

master
Sergey Morgunov 5 years ago committed by Harshavardhana
parent fb43d64dc3
commit 06bd1e582a
  1. 13
      cmd/generic-handlers.go

@ -152,6 +152,7 @@ func containsReservedMetadata(header http.Header) bool {
const (
minioReservedBucket = "minio"
minioReservedBucketPath = SlashSeparator + minioReservedBucket
loginPathPrefix = SlashSeparator + "login"
)
// Adds redirect rules for incoming requests.
@ -279,6 +280,16 @@ func isAdminReq(r *http.Request) bool {
return strings.HasPrefix(r.URL.Path, adminPathPrefix)
}
// guessIsLoginSTSReq - returns true if incoming request is Login STS user
func guessIsLoginSTSReq(req *http.Request) bool {
if req == nil {
return false
}
return strings.HasPrefix(req.URL.Path, loginPathPrefix) ||
(req.Method == http.MethodPost && req.URL.Path == SlashSeparator &&
getRequestAuthType(req) == authTypeSTS)
}
// Adds verification for incoming paths.
type minioReservedBucketHandler struct {
handler http.Handler
@ -608,7 +619,7 @@ type bucketForwardingHandler struct {
func (f bucketForwardingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if globalDNSConfig == nil || len(globalDomainNames) == 0 ||
guessIsHealthCheckReq(r) || guessIsMetricsReq(r) ||
guessIsRPCReq(r) || isAdminReq(r) {
guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) {
f.handler.ServeHTTP(w, r)
return
}

Loading…
Cancel
Save