-
-
Notifications
You must be signed in to change notification settings - Fork 12.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oauth2_proxy: nginx extension module no longer forwards X-User
#305266
Comments
@wilsonehusin are you able to play around a bit and confirm if the changes mentioned introduced this regression? |
@aanderse yes. I can't really pin-point to what exactly since there were a lot of changes. Instead, I just have a local fork from 2e751c0 (prior to the changes mentioned in the PRs above). |
I have a pretty good idea what it could be. https://github.com/SuperSandro2000/nixos-modules/blob/1aeeba70ada1b0f1f8bc408ea3131882d35f15c3/modules/nginx.nix#L92-L96 |
Can you give #307766 a try? I didn't test it yet, so it could completely break everything and be completely insecure, just as warning. |
fantastic work @SuperSandro2000! @wilsonehusin please let us know how it goes 🙇♂️ |
Sorry for the late reply, I haven't been able to have time to test it out. Now that I do, it seems like |
Describe the bug
OAuth2 Proxy's Nginx plugin used to forward
X-User
andX-Email
headers to downstream programs. This stopped working after I updated on unstable channel, which is potentially related to #275541 or #273234.Steps To Reproduce
Steps to reproduce the behavior:
auth.proxy
of header nameX-User
.More simply:
X-User
andX-Email
used to be present, but not anymoreExpected behavior
X-User
andX-Email
are passed to downstream servers under Nginx.Additional details
services.oauth2_proxy.extraConfig.set-xauthrequest = true;
Notify maintainers
cc @SuperSandro2000
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.Add a 👍 reaction to issues you find important.
The text was updated successfully, but these errors were encountered: