Really delete header when using Nginx (#2434)

2021-01-14 11:40:21 +01:00 · 2021-01-14 11:40:21 +01:00 · 6294ff7238
parent 8a6f00c53c
commit 6294ff7238
3 changed files with 33 additions and 7 deletions
--- a/_example/etc/nginx-lua-headers.conf
+++ b/_example/etc/nginx-lua-headers.conf
@ -29,6 +29,17 @@
    auth_request_set $headername15 $upstream_http_headername15;
    auth_request_set $headervalue15 $upstream_http_headervalue15;
    auth_request_set $lmcookie $upstream_http_cookie;
+    auth_request_set $deleteheader1 $upstream_http_deleteheader1;
+    auth_request_set $deleteheader2 $upstream_http_deleteheader2;
+    auth_request_set $deleteheader3 $upstream_http_deleteheader3;
+    auth_request_set $deleteheader4 $upstream_http_deleteheader4;
+    auth_request_set $deleteheader5 $upstream_http_deleteheader5;
+    auth_request_set $deleteheader6 $upstream_http_deleteheader6;
+    auth_request_set $deleteheader7 $upstream_http_deleteheader7;
+    auth_request_set $deleteheader8 $upstream_http_deleteheader8;
+    auth_request_set $deleteheader9 $upstream_http_deleteheader9;
+    auth_request_set $deleteheader10 $upstream_http_deleteheader10;
+    auth_request_set $deleteheader11 $upstream_http_deleteheader11;
    access_by_lua '
      local i = 1
      ngx.req.set_header("Cookie",ngx.var.lmcookie)
@ -40,5 +51,14 @@
        end
        i = i +1
      end
+      i = 1
+      while true do
+        if ngx.var["deleteheader"..i] ~= nil then
+	  ngx.req.clear_header(ngx.var["deleteheader"..i])
+        else
+          break
+        end
+        i = i +1
+      end
    ';

--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Main.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Main.pm
@ -26,12 +26,18 @@ sub set_header_in {
 }

 sub unset_header_in {
-    my ( $class, $req, $header ) = @_;
-    $req->{respHeaders} = [ grep { $_ ne $header and $_ ne cgiName($header) }
-          @{ $req->{respHeaders} } ];
-    delete $req->{env}->{ cgiName($header) };
-    $header =~ s/-/_/g;
-    delete $req->{env}->{$header};
+    my ( $class, $req, @headers ) = @_;
+    my $i = 1;
+    foreach my $header(@headers) {
+        $class->logger->debug("Delete header $header");
+        $req->{respHeaders} = [ grep { $_ ne $header and $_ ne cgiName($header) }
+              @{ $req->{respHeaders} } ];
+        delete $req->{env}->{ cgiName($header) };
+        push @{ $req->{respHeaders} }, "Deleteheader$i", $header;
+        $header =~ s/-/_/g;
+        delete $req->{env}->{$header};
+        $i++;
+    }
 }

 # Inheritence is broken in this case with Debian >= jessie
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm
@ -70,7 +70,7 @@ sub handler {
      ( 'Content-Length' => 0, Cookie => ( $req->env->{HTTP_COOKIE} // '' ) );
    my $i = 0;
    while ( my ( $k, $v ) = splice( @{ $req->{respHeaders} }, 0, 2 ) ) {
-        if ( $k =~ /^(?:Lm-Remote-(?:User|Custom)|Cookie)$/ ) {
+        if ( $k =~ /^(?:Deleteheader\d+|Lm-Remote-(?:User|Custom)|Cookie)$/ ) {
            push @convertedHdrs, $k, $v;
        }
        else {