diff --git a/roles/lemonldap_ng/defaults/main.yml b/roles/lemonldap_ng/defaults/main.yml
index 0a4bc3a..ea2a90b 100644
--- a/roles/lemonldap_ng/defaults/main.yml
+++ b/roles/lemonldap_ng/defaults/main.yml
@@ -62,9 +62,3 @@ llng_handler_db_user: lemonldapnghandler # llng_db_pass: s3cr3t. # llng_handler_db_pass
-# List of headers to protect. Those will be cleared for unauthenticated users
-llng_protected_headers:
- - Auth-User
- - User-Name
- - User-Groups
- - User-Mail
diff --git a/roles/lemonldap_ng/templates/llng_headers.inc.j2 b/roles/lemonldap_ng/templates/llng_headers.inc.j2
index 80f5b4e..a5c8b48 100644
--- a/roles/lemonldap_ng/templates/llng_headers.inc.j2
+++ b/roles/lemonldap_ng/templates/llng_headers.inc.j2
@@ -28,22 +28,40 @@ auth_request_set $headername14 $upstream_http_headername14;
 auth_request_set $headervalue14 $upstream_http_headervalue14;
 auth_request_set $headername15 $upstream_http_headername15;
 auth_request_set $headervalue15 $upstream_http_headervalue15;
+auth_request_set $deleteheader1 $upstream_http_deleteheader1;
+auth_request_set $deleteheader2 $upstream_http_deleteheader2;
+auth_request_set $deleteheader3 $upstream_http_deleteheader3;
+auth_request_set $deleteheader4 $upstream_http_deleteheader4;
+auth_request_set $deleteheader5 $upstream_http_deleteheader5;
+auth_request_set $deleteheader6 $upstream_http_deleteheader6;
+auth_request_set $deleteheader7 $upstream_http_deleteheader7;
+auth_request_set $deleteheader8 $upstream_http_deleteheader8;
+auth_request_set $deleteheader9 $upstream_http_deleteheader9;
+auth_request_set $deleteheader10 $upstream_http_deleteheader10;
+auth_request_set $deleteheader11 $upstream_http_deleteheader11;
+auth_request_set $deleteheader12 $upstream_http_deleteheader12;
+auth_request_set $deleteheader13 $upstream_http_deleteheader13;
+auth_request_set $deleteheader14 $upstream_http_deleteheader14;
+auth_request_set $deleteheader15 $upstream_http_deleteheader15;
 auth_request_set $lmcookie $upstream_http_cookie;
 access_by_lua '
- i = 1
+ local i = 1
 ngx.req.set_header("Cookie",ngx.var.lmcookie)
- if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
- while true do
- if ngx.var["headername"..i] ~= nil then
- ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
- else
- break
- end
- i = i +1
+ while true do
+ if ngx.var["headername"..i] ~= nil then
+ ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
+ else
+ break
+ end
+ i = i + 1
+ end
+ i = 1
+ while true do
+ if ngx.var["deleteheader"..i] ~= nil then
+ ngx.req.clear_header(ngx.var["deleteheader"..i])
+ else
+ break
 end
- else
-{% for header in llng_protected_headers %}
- ngx.req.set_header("{{ header }}",nil)
-{% endfor %}
+ i = i + 1
 end
 ';
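Review bot: With the `llng_protected_headers` fallback removed, stripping client-supplied identity headers in the `access_by_lua` block now depends entirely on the auth subrequest returning `Deleteheader1` to `Deleteheader15`. If the handler behind `auth_request` does not emit those response headers (presumably an older or differently configured handler; not visible here), a client-sent `Auth-User` or `User-Groups` header would reach the backend unchanged, and the clearing loop also stops at the first missing index and at 15 entries. I would keep the variable in `defaults/main.yml` and clear the static list unconditionally before the first `while` loop, so that headers the handler exports are still set afterwards: `{% for header in llng_protected_headers %}`, `ngx.req.clear_header("{{ header }}")`, `{% endfor %}`. A comment above the new loop stating which handler behaviour it relies on would also help the next maintainer.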