only clear the session cookie if it's present · directxman12.dev/proxy-in-anger@82433eb

a (hacky, wip) multi-tenant oidc-terminating reverse proxy, written in anger on top of pingora

only clear the session cookie if it's present

this should clear up some of the header map iteration order issues --
they're still there (gotta patch pingora, _grumbles_), but you'll run
into them less.

directxman12.dev 1 month ago 82433eb6 c9dcddab

+21 -2

1 changed file

expand all

src

gateway.rs

+21 -2

src/gateway.rs

··· 649 649 where 650 650 Self::CTX: Send + Sync, 651 651 { 652 - // if we had no valid session, clear the cookie 652 + // if we had no valid session, clear the cookie if set 653 653 if !ctx.session_valid { 654 - let mut cookies = CookieJar::default(); 654 + let Some(mut cookies) = ('cookies: { 655 + let Some(raw) = upstream_response.headers.get(http::header::COOKIE) else { 656 + break 'cookies None; 657 + }; 658 + Some( 659 + raw.to_str() 660 + .map_err(Box::<dyn ErrorTrait + Send + Sync>::from) 661 + .and_then(|c| Ok(CookieJar::parse(c)?)) 662 + .map_err(status_error_from( 663 + "bad cookie header", 664 + ErrorSource::Downstream, 665 + StatusCode::BAD_REQUEST, 666 + ))?, 667 + ) 668 + }) else { 669 + return Ok(()); 670 + }; 671 + if cookies.get(SESSION_COOKIE_NAME).is_none() { 672 + return Ok(()); 673 + } 655 674 cookies.remove(SESSION_COOKIE_NAME); 656 675 657 676 cookies.as_header_values().into_iter().try_for_each(|v| {