New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not copy hop-by-hop headers to forward auth request #3907
Conversation
Hi @emilevauge thanks for your message and for merging the other PR. Unfortunately this is another fix :). #3900 removed the hop-by-hop headers from the response of the auth backend. Whereas this new PR prevents adding hop-by-hop headers to the request that is sent to the auth backend. So this PR makes sure no hop-by-hop headers get send to the auth backend, the other one (#3900) makes sure no hop-by-hop headers received from the auth backend get send back to the receiver. |
@stffabi Sorry, I read too quickly ;) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@emilevauge thanks a lot for merging the PR. Awesome how fast all of you reply and how much attention all of you pay to community contributions. 👍 |
What does this PR do?
Hop-By-Hop headers aren't passed over to the auth backend anymore.
Motivation
Copying over Hop-By-Hop header might result in a wrong behaviour, e.g. if a websocket is requested, the auth backend request fails and a HTTP 500 error code is returned. Therefore websocket don't work anymore when a forward auth backend is enabled.
Fixes #3039
More