Merge pull request #2188 from owncloud/ignore_auth_on_status_php

ignore authentication header on status.php

changelog/unreleased/status_php_authentication.md

@@ -0,0 +1,9 @@
+Bugfix: Remove authentication from /status.php completely
+
+Despite requests without Authentication header being successful, requests with an
+invalid bearer token in the Authentication header were rejected in the proxy with
+an 401 unauthenticated. Now the Authentication header is completely ignored for the
+/status.php route.
+
+https://github.com/owncloud/ocis/pull/2188
+https://github.com/owncloud/client/issues/8538

proxy/pkg/middleware/oidc_auth.go

@@ -155,7 +155,7 @@ func (m oidcAuth) shouldServe(req *http.Request) bool {
 
 	// todo: looks dirty, check later
 	// TODO: make a PR to coreos/go-oidc for exposing userinfo endpoint on provider, see https://github.com/coreos/go-oidc/issues/248
-	for _, ignoringPath := range []string{"/konnect/v1/userinfo"} {
+	for _, ignoringPath := range []string{"/konnect/v1/userinfo", "/status.php"} {
 		if req.URL.Path == ignoringPath {
 			return false
 		}