bug: forward-auth plugin doesn't work properly with POST method.

[suryaprabhakark]

Current Behavior

forward-auth plugin doesn't work if the request is POST and authservice api is GET. Its happening due to forwading the POST method request headers like content-type and expect. Moved these headers only if authserver api is also POST.

Expected Behavior

It should work without any problems, based on the authserver method, appropriate headers should be passed.

Error Logs

2024/03/09 15:35:28 [error] 51#51: *13215177 [lua] forward-auth.lua:134: phase_func(): failed to process forward auth, err: timeout, client: 10.117.4.40, server: _, request: "POST /post HTTP/1.1", host: "apiv2.ninjacart.in", referrer: "http://localhost:4000/" 2024/03/09 15:35:28 [warn] 51#51: *13215177 [lua] plugin.lua:1159: run_plugin(): forward-auth exits with http status code 403, client: 10.117.4.40, server: _, request: "POST /post HTTP/1.1", host: "apiv2.ninjacart.in", referrer: "http://localhost:4000/" 10.117.4.40 - - [09/Mar/2024:15:35:28 +0000] apiv2.ninjacart.in "POST /post HTTP/1.1" 403 225 3.043 "http://localhost:4000/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" - - - "http://apiv2.ninjacart.in"

Steps to Reproduce

1. Run the apisix with docker image
2. Configure a route with post method, i used httporg post api like below

routes:
  - 
      uri: /post
      upstream:
        nodes:
          "httpbin.org:80": 1
        type: roundrobin
      plugins:
        forward-auth:
          _meta:
            disable: false
          request_headers:
            - Authorization
          ssl_verify: false
          request_method: GET
          uri: >-
            https://<AUTHSERVER_URL>

4. Use the curl like below
   shell curl --location 'https://localhost:9080/post' \ --header 'Accept: application/json, text/plain, */*' \ --header 'Authorization: Bearer <TOKEN>' \ --header 'Content-Type: application/json' \ --data '{ "payload" { "foo": "bar" } }'
5. You should see a 403 error, because authserver doesnt accept the content-type header to GET request. This depends on the auth server you use, in my case Im using springboot 3.1.4 on Java 17

Environment

• APISIX version (run apisix version): 3.8.0
• Operating system (run uname -a): Linux apisix-5b76d95c8c-79rhx 5.15.133+ change: added doc of how to load plugin. #1 SMP Sat Dec 30 13:01:38 UTC 2023 x86_64 GNU/Linux
• OpenResty / Nginx version (run openresty -V or nginx -V): nginx version: openresty/1.21.4.2
• etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info): Not using etcd, its standalone mode
• APISIX Dashboard version, if relevant: Not using
• Plugin runner version, for issues related to plugin runners: NA
• LuaRocks version, for installation issues (run luarocks --version): NA

[shreemaan-abhishek]

relevant to #10927