Skip to content

CheckJWT should use net/http.Request.Clone #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
josharian opened this issue Nov 14, 2019 · 1 comment · Fixed by #89
Closed

CheckJWT should use net/http.Request.Clone #62

josharian opened this issue Nov 14, 2019 · 1 comment · Fixed by #89
Assignees
@jfatta
Milestone
v2

Comments

@josharian
Copy link

CheckJWT makes a shallow copy of the inbound request near the end of the function in order to set a new context.

In the context of reverse proxies, this can cause trouble. See golang/go#20068 and golang/go#23544.

The preferred way to modify the context of an inbound request is net/http.Request.Clone.
@grounded042 grounded042 added this to the v2 milestone Jan 29, 2021
@grounded042 grounded042 mentioned this issue Apr 23, 2021
Closed
21 tasks
@jfatta jfatta self-assigned this Apr 30, 2021
@jfatta jfatta mentioned this issue Apr 30, 2021
Merged
@sergiught
Copy link
Contributor

We just released the v2.0.0-beta 🥳 !

You can start testing it by running go get github.com/auth0/go-jwt-middleware/v2@v2.0.0-beta.

In case of issues fetching the v2 you might want to try go clean --modcache first before doing go get.

I'm closing this issue as now this is part of v2, but feel free to reopen if needed.

@ewanharris ewanharris mentioned this issue Jan 31, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jfatta jfatta

Labels
None yet
Projects
None yet
Milestone
v2
Development

Successfully merging a pull request may close this issue.

fix: CheckJWT clones the request auth0/go-jwt-middleware
4 participants
@josharian @grounded042 @jfatta @sergiught