fix: handle GET requests only in auth handlerfuncs

* we receive an OPTIONS request (chrome) first which ends the authflow if we do not separate GET and OPTIONS * https://issues.chromium.org/issues/330594669 Co-authored-by: ybelmekk <[email protected]> Co-authored-by: tronghn <[email protected]> Co-authored-by: christeredvartsen <[email protected]>
nais · Mar 22, 2024 · f545106 · f545106
1 parent 6dd537d
commit f545106
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 10 deletions.
diff --git a/internal/device-agent/auth/azure.go b/internal/device-agent/auth/azure.go
@@ -28,10 +28,7 @@ func handleRedirectAzure(state string, conf oauth2.Config, codeVerifier *codever
 			return
 		}
 
-		// We used to use r.Context() here, but a Google Chrome update broke that.
-		// It seems that Chrome closes the HTTP connection prematurely, because the context
-		// is at this point already canceled.
-		ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(30*time.Second))
+		ctx, cancel := context.WithDeadline(r.Context(), time.Now().Add(30*time.Second))
 		defer cancel()
 
 		codeVerifierParam := oauth2.SetAuthURLParam("code_verifier", codeVerifier.String())

diff --git a/internal/device-agent/auth/common.go b/internal/device-agent/auth/common.go
@@ -45,8 +45,8 @@ func GetDeviceAgentToken(ctx context.Context, log logrus.FieldLogger, conf oauth
 
 	handler := http.NewServeMux()
 	// define a handler that will get the authorization code, call the authFlowResponse endpoint, and close the HTTP server
-	handler.HandleFunc("/", handleRedirectAzure(state, conf, codeVerifier, authFlowChan))
-	handler.HandleFunc("/google", handleRedirectGoogle(state, conf.RedirectURL, codeVerifier, authFlowChan, authServer))
+	handler.HandleFunc("GET /", handleRedirectAzure(state, conf, codeVerifier, authFlowChan))
+	handler.HandleFunc("GET /google", handleRedirectGoogle(state, conf.RedirectURL, codeVerifier, authFlowChan, authServer))
 
 	server := &http.Server{Handler: handler}
 	go server.Serve(listener)

diff --git a/internal/device-agent/auth/google.go b/internal/device-agent/auth/google.go
@@ -38,10 +38,7 @@ func handleRedirectGoogle(state, redirectURI string, codeVerifier *codeverifier.
 			return
 		}
 
-		// We used to use r.Context() here, but a Google Chrome update broke that.
-		// It seems that Chrome closes the HTTP connection prematurely, because the context
-		// is at this point already canceled.
-		ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
+		ctx, cancel := context.WithDeadline(r.Context(), time.Now().Add(10*time.Second))
 		defer cancel()
 
 		exchangeRequest := ExchangeRequest{