question

RoccoCorsi-8037 avatar image
0 Votes"
RoccoCorsi-8037 asked RoccoCorsi-8037 commented

Azure Function golang customHandler HTTP redirect not sent back to client

We are developing a Golang REST API server and have been testing it out in an Azure Function with a customHandler with httpTrigger. Everything was working very well until recently, when we wanted to add authentication when a client was lacking a token (or has invalid token) and want to respond to the client to redirect (with a 302) them back to a Keycloak server (running in a Azure App Service) to make them login.

This golang server is working relatively well outside of Azure Function App, but what appears to be happening is that the redirect is being acted upon in the Function Host that sits in front of our customHandler. We have no logs indicating this is occurring, but we get a 404 Site Not Found when our golang server is 302 redirecting to the Keycloak server.

As a test tried a 302 redirect to https://www.google.com and got a 500 response.

Keycloak server is in a different Azure region from the golang server and has a https://*.azurewebsites.net URL.

We are not using custom domain.

Did attempt to use proxy configuration, but that only appeared to redirect internally and not back to the client. Doesn't appear to be what we want.

We have set to true enableForwardingHttpRequest.

Do Function Apps support this use case?

What are we doing wrong?

Thank you!

azure-functions
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

And if it is not clear in the original post, we want the 302 to be sent back to the originating client, not be handled somewhere inside Azure.

0 Votes 0 ·

We are doing the 302 redirect in golang with code similar to this

http.Redirect(w, r, authserver, http.StatusFound)

0 Votes 0 ·

I did a few more experiments to see what is going on and so I commented out the http.Redirect and replaced it with just

w.WriteHeader(http.StatusFound)

and the 302 is returned to the client.

Then I changed the code to:

w.Header().Set("Location", "https://www.google.com")
w.WriteHeader(http.StatusFound)

and then back to a 500 response.

and finally I just set the Location header (and status code is defaulting to 200 OK)

w.Header().Set("Location", "https://www.google.com")

and I get a 200 OK and Location is set in the response headers, which is not really a great test but just wanted to see what would happen.

Did similar checks with 307 status and same results.

So if "Location" header and 302 status, is what is being acted on.





0 Votes 0 ·

I don't know C# and .NET much, but would it be possible the Functions Host is lacking an AllowAutoRedirect set to false somewhere in the code. I checked the source in https://github.com/Azure/azure-functions-host
and I don't see AllowAutoRedirect being set to false anywhere. Still, I don't understand the code enough to judge this.

0 Votes 0 ·

1 Answer

PramodValavala-MSFT avatar image
0 Votes"
PramodValavala-MSFT answered RoccoCorsi-8037 commented

@RoccoCorsi-8037 I believe your last comment is spot on after looking at the code in this file - specifically lines #29 and #120. This class is just creating a new HttpClient instance which would use the default HttpClientHandler having AllowAutoRedirect set to true, explaining the behavior that you are seeing. It would be best to raise an issue on the repo to address this.

In the meantime, you could go with having enableForwardingHttpRequest set to false but would require you to transform between the request and response payload formats (an extra middleware to do this would be simple).


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for this answer. I opened an issue on GitHub.

https://github.com/Azure/azure-functions-host/issues/7318

0 Votes 0 ·