nginx-auth-cas-lua

When removing ticket from request URI, beware of other query parameters

Open kljensen opened this issue 5 years ago • 4 comments

I believe that the regular expression on this line would "eat" both the ticket parameter and all parameters that follow. E.g. a URL like &ticket=foo and &ticket=foo&next=bar would have bar "eaten".

local function _uri_without_ticket()
   return ngx.var.scheme .. "://" .. ngx.var.host ..  ngx.re.sub(ngx.var.request_uri, "[?&]ticket=.*", "")
end

(I'm happy to submit a pull request proposing a fix.)

kljensen avatar May 11 '20 11:05 kljensen
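The behaviour reported above, as an added example that is not part of the original post and not the project's code: the greedy pattern beside a version that drops only the `ticket=` pair. The function names and sample URIs are constructed for illustration, and plain Lua string patterns stand in for `ngx.re.sub` so the block runs under a stock Lua interpreter.

```lua
-- Constructed example; not code from nginx-auth-cas-lua.
-- Greedy form from the issue, rewritten with Lua patterns (hypothetical name).
-- ".*" runs to the end of the string, so every parameter after ticket is lost.
local function strip_ticket_greedy(request_uri)
   return (request_uri:gsub("[?&]ticket=.*", ""))
end

-- Parameter-scoped form (hypothetical name): remove only "ticket=..." pairs.
local function strip_ticket_param(request_uri)
   local path, query = request_uri:match("^([^?]*)%?(.*)$")
   if not path then
      return request_uri                 -- no query string, nothing to strip
   end
   local kept = {}
   -- "[^&]+" also skips empty segments such as the gap in "a=1&&b=2".
   for pair in query:gmatch("[^&]+") do
      -- Compare the whole prefix so "myticket=x" is not treated as a ticket.
      if pair:sub(1, 7) ~= "ticket=" then
         kept[#kept + 1] = pair
      end
   end
   if #kept == 0 then
      return path                        -- ticket was the only parameter
   end
   return path .. "?" .. table.concat(kept, "&")
end

-- Constructed sample request URIs with the result the scoped form should give.
local samples = {
   { "/app?ticket=ST-1",              "/app" },
   { "/app?ticket=ST-1&next=bar",     "/app?next=bar" },
   { "/app?a=1&ticket=ST-1&next=bar", "/app?a=1&next=bar" },
   { "/app?myticket=x&ticket=ST-1",   "/app?myticket=x" },
   { "/app",                          "/app" },
}

for _, s in ipairs(samples) do
   local uri, want = s[1], s[2]
   assert(strip_ticket_param(uri) == want, uri)
   print(uri, "greedy: " .. strip_ticket_greedy(uri),
         "scoped: " .. strip_ticket_param(uri))
end
```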

AFAIK CAS is always appending the ticket last, though the specification is not clear about this.

So not important IMO, but ok for a pull request.

prigaux avatar May 11 '20 11:05 prigaux

ngx.var.host to ngx.var.http_host

bajins avatar Apr 17 '21 04:04 bajins

> ngx.var.host to ngx.var.http_host

Can you confirm you suggest this change because your URL has a specific port number? If that's the case, I suggest you open a specific issue.

prigaux avatar May 03 '21 10:05 prigaux

I still hope to send a PR. 😞 My life is opening up a bit, so I'll get on it within the next week.

kljensen avatar May 03 '21 10:05 kljensen