fix(oidc): use XFH header from backend for cookie domain

2025-06-08 20:42:34 +02:00 · 2025-04-22 09:57:44 +08:00 · 2025-04-22 09:57:44 +08:00 · 0a8aa2b215
commit 0a8aa2b215
parent 5a984f5c0c
1 changed files with 13 additions and 3 deletions
--- a/internal/api/v1/auth/utils.go
+++ b/internal/api/v1/auth/utils.go
@ -25,10 +25,20 @@ var (
 //	"abc.example.com" -> "example.com"
 //	"example.com" -> ""
 func cookieFQDN(r *http.Request) string {
-	host, _, err := net.SplitHostPort(r.Host)
-	if err != nil {
-		host = r.Host
+	var host string
+	// check if it's from backend
+	switch r.Host {
+	case common.APIHTTPAddr:
+		// use XFH
+		host = r.Header.Get("X-Forwarded-Host")
+	default:
+		var err error
+		host, _, err = net.SplitHostPort(r.Host)
+		if err != nil {
+			host = r.Host
+		}
 	}
+
 	parts := strutils.SplitRune(host, '.')
 	if len(parts) < 2 {
 		return ""