Add X-Forwarded-Proto header when proxying https traffic #171
Comments
@deltaroe sounds good. Do you want to open a PR for this?
I wrote a dirty hardcoded hack that fixed my current issue, but I have very limited experience with Go and figured I'd create an issue in case someone had cycles to do it properly before I had the time to stumble through doing it myself.
Guess protocol from redirect-url scheme if present, or from cookie-secure flag value. closes bitly#171
We're encountering this issue also, and in the course of investigating I had a question: would we not want X-Forwarded-Proto to always be present, and set to HTTPS? In almost all real-world cases I can imagine, either the SSL terminator in front of oauth2_proxy (haproxy, nginx, etc.) would set it (and oauth2_proxy could just pass it along), or oauth2_proxy would set it correctly. If necessary we could have a flag that disables this, for the odd situation where someone wants to run a service that exposes an HTTP endpoint externally (but still protected by oauth over SSL). This would remove the need to try to detect via cookies, upstream scheme, etc.
Huh, I just hit this issue trying to run Jenkins as well. I like the wistia change to detect via either the redirect URL or the cookie secure parameter whether we are http or https and always add the header.
Some upstream systems (Jenkins under Jetty, for example) need the X-Forwarded-Proto header present to function properly when using oauth2_proxy as both auth and SSL termination.
Without the header, any redirects returned by the upstream are for http instead of https.
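As an added illustration of the detection this thread converges on (example code, not oauth2_proxy's own): a Go helper that takes the scheme from the configured redirect URL when it has one, otherwise from the cookie-secure flag, and a reverse-proxy Director that sets X-Forwarded-Proto only when a terminator in front (haproxy, nginx) has not already set it. The upstream address, redirect URL and request path are constructed sample values.

```go
package main

import (
	"net/http"
	"net/http/httputil"
	"net/url"
)

// forwardedProto picks the scheme the upstream should see: the redirect
// URL's scheme when one is configured, else https if cookies are marked
// secure, else http. Illustrative helper, not oauth2_proxy code.
func forwardedProto(redirectURL string, cookieSecure bool) string {
	if u, err := url.Parse(redirectURL); err == nil && u.Scheme != "" {
		return u.Scheme
	}
	if cookieSecure {
		return "https"
	}
	return "http"
}

// newProxy wraps a single-host reverse proxy so every proxied request
// carries X-Forwarded-Proto. A value already set by a terminator in front
// of the proxy is passed along untouched.
func newProxy(upstream *url.URL, proto string) *httputil.ReverseProxy {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	base := rp.Director
	rp.Director = func(req *http.Request) {
		base(req)
		if req.Header.Get("X-Forwarded-Proto") == "" {
			req.Header.Set("X-Forwarded-Proto", proto)
		}
	}
	return rp
}

// directedHeader runs the Director over a constructed request and returns
// the X-Forwarded-Proto value the upstream would receive. `existing`
// simulates a header set by an upstream terminator ("" for none).
func directedHeader(upstream, redirectURL string, cookieSecure bool, existing string) string {
	u, _ := url.Parse(upstream) // constructed sample upstream
	rp := newProxy(u, forwardedProto(redirectURL, cookieSecure))
	req, _ := http.NewRequest("GET", "http://localhost/jenkins/", nil)
	if existing != "" {
		req.Header.Set("X-Forwarded-Proto", existing)
	}
	rp.Director(req)
	return req.Header.Get("X-Forwarded-Proto")
}
```

With the header present, Jetty builds its redirect Location values with the https scheme instead of the plain http the proxy connects with.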