Add flag to always use https in oidc referral

StackEng · Jul 18, 2024 · 17abb2f · 17abb2f
1 parent 37b2015
commit 17abb2f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 2 deletions.
diff --git a/charts/opserver/Chart.yaml b/charts/opserver/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.4
+version: 1.0.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/opserver/templates/deployment.yaml b/charts/opserver/templates/deployment.yaml
@@ -114,6 +114,8 @@ spec:
           value: {{ .Values.opserverSettings.security.provider }}
 
 {{- if eq .Values.opserverSettings.security.provider "OIDC" }}
+        - name: Security__UseHttpsForRedirects
+          value: "true"
         - name: Security__Name
           value: "Okta"
         - name: Security__ViewEverythingGroups

diff --git a/src/Opserver.Web/Controllers/AuthController.OIDC.cs b/src/Opserver.Web/Controllers/AuthController.OIDC.cs
@@ -216,11 +216,12 @@ private IActionResult RedirectToProvider(string returnUrl)
                 });
 
             var oidcSettings = (OIDCSecuritySettings) Current.Security.Settings;
+            var scheme = (oidcSettings.UseHttpsForRedirects ? "https" : Request.Scheme);
             var redirectUri = Url.Action(
                 nameof(OAuthCallback),
                 ControllerContext.ActionDescriptor.ControllerName,
                 null,
-                Request.Scheme,
+                scheme,
                 Request.Host.Value,
                 null
             );

diff --git a/src/Opserver.Web/Security/OIDCSecuritySettings.cs b/src/Opserver.Web/Security/OIDCSecuritySettings.cs
@@ -46,5 +46,10 @@ public class OIDCSecuritySettings : SecuritySettings
         /// Gets or sets the name of the "name" claim.
         /// </summary>
         public string GroupsClaim { get; set; } = "groups";
+
+        /// <summary>
+        /// When redirecting to an OIDC provider, whether to always use https for the redirect/referral.
+        /// </summary>
+        public bool UseHttpsForRedirects { get; set; } = false;
     }
 }