Authorization header should be used for authentication against an origin server #971
Labels
type/enhancement
New feature or request
Describe the bug
Currently, the Authorization header is used to accept GH tokens so that HTTP handlers can interact with GH on behalf of a user. However, a different header should be used instead in order to distinguish between API endpoint authorization (i.e. listing clusters or templates) and endpoints that require interaction with GH or other git providers (i.e. create a cluster PR). I suggest the use of an alternative header name instead, i.e. Git-Provider-Token, and reserve the Authorization header for securing the endpoints.
Environment
gitops: v0.3.3
Affects versions
v0.3.3
Expected behavior
Use a header other than Authorization to check for the GH token
https://datatracker.ietf.org/doc/html/rfc7235#section-4.2
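The header split proposed in this issue, sketched as Go HTTP middleware; this is an added example, not code from the gitops project. The names `SplitAuth`, `CreatePR`, `Status`, the `/clusters` path and the static bearer credential check are assumptions made for illustration; only the `Authorization` and `Git-Provider-Token` header names come from the issue.

```go
package main

import (
	"context"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type tokenKey struct{}
const apiCredential = "constructed-api-credential" // assumption: stand-in for real API auth

// SplitAuth authenticates the caller from Authorization and carries the git provider token separately.
func SplitAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authz := r.Header.Get("Authorization")
		cred := strings.TrimPrefix(authz, "Bearer ")
		// cred == authz means the "Bearer " scheme prefix was missing.
		if cred == authz || subtle.ConstantTimeCompare([]byte(cred), []byte(apiCredential)) != 1 {
			w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		// The provider token never takes part in the API authentication decision.
		ctx := context.WithValue(r.Context(), tokenKey{}, r.Header.Get("Git-Provider-Token"))
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// CreatePR is a hypothetical endpoint that needs to call the git provider.
func CreatePR(w http.ResponseWriter, r *http.Request) {
	if tok, _ := r.Context().Value(tokenKey{}).(string); tok == "" {
		http.Error(w, "Git-Provider-Token required", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusCreated)
}

// Status sends one constructed request through the middleware and returns the HTTP status.
func Status(authz, gitToken string) int {
	req := httptest.NewRequest(http.MethodPost, "/clusters", nil)
	req.Header.Set("Authorization", authz)
	req.Header.Set("Git-Provider-Token", gitToken)
	rec := httptest.NewRecorder()
	SplitAuth(http.HandlerFunc(CreatePR)).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Status("Bearer "+apiCredential, "constructed-git-token")) }
```

A git provider token sent in `Authorization` is rejected with 401 here, which is the separation the issue asks for: an authenticated caller with no provider token gets a 400 from the endpoint that needs one, not an authentication failure.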