New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support expected authority changes #1196
Comments
I'd add the following tasks:
An |
The authority is now a separate field from the host header, which should help this case. The draft does not yet contain language that special cases as described here. |
It seems that for cases like this, the use of the Suggest we close this without changes. |
I agree that |
In some cases, the authority of the effective request URI may be expected to change, for example from "public-service-name.example.com" to "service-host-1.public-service-name.example.com". This is commonly the case for services that are hosted behind a load-balancing gateway, where the client sends requests to a publicly known domain name for the service, and these requests are transformed by the gateway into requests to specific hosts in the service fleet.
One possible way to handle this would be to special-case the Host header field to allow verifier to substitute a known expected value, or a value provided in another header field (e.g.,
Via
) when generating the Signature Input, provided that the verifier also recognizes the real value in theHost
header. Alternatively, this logic could apply to an(audience)
content identifier.The text was updated successfully, but these errors were encountered: