oauthproxy: support use-javascript-redirect

Support setting the redirect to the requested href based on js.

main.go

@@ -79,6 +79,7 @@ func main() {
 	flagSet.String("scope", "", "OAuth scope specification")
 	flagSet.String("approval-prompt", "force", "OAuth approval_prompt")
 	flagSet.String("allowed-url", "", "Regexp for allowed redirect URLs")
+	flagSet.Bool("use-javascript-redirect", false, "Use javascript on the signin page to set the redirect url")
 
 	flagSet.String("signature-key", "", "GAP-Signature request signature key (algorithm:secretkey)")
 

oauthproxy.go

@@ -55,26 +55,27 @@ type OAuthProxy struct {
 	OAuthCallbackPath string
 	AuthOnlyPath      string
 
-	redirectURL         *url.URL // the url to receive requests at
-	allowedURL          string
-	provider            providers.Provider
-	ProxyPrefix         string
-	SignInMessage       string
-	HtpasswdFile        *HtpasswdFile
-	DisplayHtpasswdForm bool
-	serveMux            http.Handler
-	SetXAuthRequest     bool
-	PassBasicAuth       bool
-	SkipProviderButton  bool
-	PassUserHeaders     bool
-	BasicAuthPassword   string
-	PassAccessToken     bool
-	CookieCipher        *cookie.Cipher
-	skipAuthRegex       []string
-	skipAuthPreflight   bool
-	compiledRegex       []*regexp.Regexp
-	templates           *template.Template
-	Footer              string
+	redirectURL           *url.URL // the url to receive requests at
+	allowedURL            string
+	UseJavascriptRedirect bool
+	provider              providers.Provider
+	ProxyPrefix           string
+	SignInMessage         string
+	HtpasswdFile          *HtpasswdFile
+	DisplayHtpasswdForm   bool
+	serveMux              http.Handler
+	SetXAuthRequest       bool
+	PassBasicAuth         bool
+	SkipProviderButton    bool
+	PassUserHeaders       bool
+	BasicAuthPassword     string
+	PassAccessToken       bool
+	CookieCipher          *cookie.Cipher
+	skipAuthRegex         []string
+	skipAuthPreflight     bool
+	compiledRegex         []*regexp.Regexp
+	templates             *template.Template
+	Footer                string
 }
 
 type UpstreamProxy struct {
@@ -230,23 +231,24 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 		OAuthCallbackPath: fmt.Sprintf("%s/callback", opts.ProxyPrefix),
 		AuthOnlyPath:      fmt.Sprintf("%s/auth", opts.ProxyPrefix),
 
-		ProxyPrefix:        opts.ProxyPrefix,
-		provider:           opts.provider,
-		serveMux:           serveMux,
-		redirectURL:        redirectURL,
-		allowedURL:         opts.AllowedURL,
-		skipAuthRegex:      opts.SkipAuthRegex,
-		skipAuthPreflight:  opts.SkipAuthPreflight,
-		compiledRegex:      opts.CompiledRegex,
-		SetXAuthRequest:    opts.SetXAuthRequest,
-		PassBasicAuth:      opts.PassBasicAuth,
-		PassUserHeaders:    opts.PassUserHeaders,
-		BasicAuthPassword:  opts.BasicAuthPassword,
-		PassAccessToken:    opts.PassAccessToken,
-		SkipProviderButton: opts.SkipProviderButton,
-		CookieCipher:       cipher,
-		templates:          loadTemplates(opts.CustomTemplatesDir),
-		Footer:             opts.Footer,
+		ProxyPrefix:           opts.ProxyPrefix,
+		provider:              opts.provider,
+		serveMux:              serveMux,
+		redirectURL:           redirectURL,
+		allowedURL:            opts.AllowedURL,
+		skipAuthRegex:         opts.SkipAuthRegex,
+		skipAuthPreflight:     opts.SkipAuthPreflight,
+		compiledRegex:         opts.CompiledRegex,
+		SetXAuthRequest:       opts.SetXAuthRequest,
+		PassBasicAuth:         opts.PassBasicAuth,
+		PassUserHeaders:       opts.PassUserHeaders,
+		BasicAuthPassword:     opts.BasicAuthPassword,
+		PassAccessToken:       opts.PassAccessToken,
+		SkipProviderButton:    opts.SkipProviderButton,
+		CookieCipher:          cipher,
+		templates:             loadTemplates(opts.CustomTemplatesDir),
+		Footer:                opts.Footer,
+		UseJavascriptRedirect: opts.UseJavascriptRedirect,
 	}
 }
 
@@ -424,21 +426,23 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 	}
 
 	t := struct {
-		ProviderName  string
-		SignInMessage string
-		CustomLogin   bool
-		Redirect      string
-		Version       string
-		ProxyPrefix   string
-		Footer        template.HTML
+		ProviderName          string
+		SignInMessage         string
+		CustomLogin           bool
+		Redirect              string
+		Version               string
+		ProxyPrefix           string
+		Footer                template.HTML
+		UseJavascriptRedirect bool
 	}{
-		ProviderName:  p.provider.Data().ProviderName,
-		SignInMessage: p.SignInMessage,
-		CustomLogin:   p.displayCustomLoginForm(),
-		Redirect:      redirect_url,
-		Version:       VERSION,
-		ProxyPrefix:   p.ProxyPrefix,
-		Footer:        template.HTML(p.Footer),
+		ProviderName:          p.provider.Data().ProviderName,
+		SignInMessage:         p.SignInMessage,
+		CustomLogin:           p.displayCustomLoginForm(),
+		Redirect:              redirect_url,
+		Version:               VERSION,
+		ProxyPrefix:           p.ProxyPrefix,
+		Footer:                template.HTML(p.Footer),
+		UseJavascriptRedirect: p.UseJavascriptRedirect,
 	}
 	p.templates.ExecuteTemplate(rw, "sign_in.html", t)
 }

options.go

@@ -42,6 +42,7 @@ type Options struct {
 	CustomTemplatesDir       string   `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
 	Footer                   string   `flag:"footer" cfg:"footer"`
 	AllowedURL               string   `flag:"allowed-url" cfg:"allowed-url"`
+	UseJavascriptRedirect    bool     `flag:"use-javascript-redirect" cfg:"use-javascript-redirect"`
 
 	CookieName     string        `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
 	CookieSecret   string        `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`

templates.go

@@ -139,6 +139,12 @@ func getTemplates() *template.Template {
 			})();
 		}
 	</script>
+	{{if .UseJavascriptRedirect}}
+	<script>
+		var selectors = Array.prototype.slice.call(document.querySelectorAll('input[name="rd"]'));
+		selectors.forEach((input) => input.value = window.location.href);
+	</script>
+	{{end}}
 	<footer>
 	{{ if eq .Footer "-" }}
 	{{ else if eq .Footer ""}}