-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Forward Proxy-Authorization header to authentication server #7433
Conversation
@kevinpollet @jbdoumenjou Anything blocking or is it just the lack of time ? |
Hello @Scapal, sorry for a long time no answer. As you can see in our contribution guide, We will come back to you soon when we did the first design review iteration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
What does this PR do?
This PR fixes issue #7374 and related to the ForwardAuth middleware header filtering behaviour.
It allows the
Proxy-Authorization
header to be forwarded to the Authentication service.It also fixes a potential issue with the
authRequestHeaders
option, skipping header filtering if an explicit header list is given.Motivation
I am using Traefik 2 with Authelia using ForwardAuth.
Authelia expects the authentication header
Proxy-Authorization
for proxy authentication but it is currently removed when the request if sent to the authentication service as it is considered a "hop" header.Without modification we are unable to use this setup to protect APIs.
fixes #7374
More
Additional Notes