Feature Request: Add an additional header for API authentication #9418
Labels
needs triage
This issue has been automatically labelled and needs further triage
T: feature request
Type: feature request. This issue is requesting a new feature
Is your feature request related to a problem? Please describe.
When running MISP behind a authentication proxy that uses the Authorization header for Bearer authentication, the MISP API is inaccessible due to both services using the same header.
It is possible to solve using header rewrite in the webserver, but I'd like a permanent solution in MISP.
Describe the solution you'd like
Add an additional header for authentication, for example: X-MISP-AUTH.
MISP should look at the Authorization header first, if that is invalid, it should look for the X-MISP-AUTH header.
Describe alternatives you've considered
Rewrite headers in Apache/NGINX, but a more permanent solution would be nice.
Additional context
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: