traefik · traefiker · Jun 13, 2018 · Jun 1, 2018 · Jun 1, 2018
diff --git a/middlewares/auth/forward.go b/middlewares/auth/forward.go
@@ -14,7 +14,8 @@ import (
 )
 
 const (
-	xForwardedURI = "X-Forwarded-Uri"
+	xForwardedURI    = "X-Forwarded-Uri"
+	xForwardedMethod = "X-Forwarded-Method"
 )
 
 // Forward the authentication to a external server
@@ -109,6 +110,14 @@ func writeHeader(req *http.Request, forwardReq *http.Request, trustForwardHeader
 		forwardReq.Header.Set(forward.XForwardedFor, clientIP)
 	}
 
+	if xMethod := req.Header.Get(xForwardedMethod); xMethod != "" && trustForwardHeader {
+		forwardReq.Header.Set(xForwardedMethod, xMethod)
+	} else if req.Method != "" {
+		forwardReq.Header.Set(xForwardedMethod, req.Method)
+	} else {
+		forwardReq.Header.Del(xForwardedMethod)
+	}
+
 	if xfp := req.Header.Get(forward.XForwardedProto); xfp != "" && trustForwardHeader {
 		forwardReq.Header.Set(forward.XForwardedProto, xfp)
 	} else if req.TLS != nil {

diff --git a/middlewares/auth/forward_test.go b/middlewares/auth/forward_test.go
@@ -257,6 +257,25 @@ func Test_writeHeader(t *testing.T) {
 				"X-Forwarded-Host": "foo.bar",
 				"X-Forwarded-Uri":  "/path?q=1",
 			},
+		}, {
+			name: "trust Forward Header with forwarded request Method",
+			headers: map[string]string{
+				"X-Forwarded-Method": "OPTIONS",
+			},
+			trustForwardHeader: true,
+			expectedHeaders: map[string]string{
+				"X-Forwarded-Method": "OPTIONS",
+			},
+		},
+		{
+			name: "not trust Forward Header with forward request Method",
+			headers: map[string]string{
+				"X-Forwarded-Method": "OPTIONS",
+			},
+			trustForwardHeader: false,
+			expectedHeaders: map[string]string{
+				"X-Forwarded-Method": "GET",
+			},
 		},
 	}