ShaunMaher commented on issue #11608: URL: https://github.com/apache/apisix/issues/11608#issuecomment-2481647607
Hi @shreemaan-abhishek Thanks for the feedback. One thing I still don't quite understand though is whether or not the `body_filter` phase should run at all if the authentication failed. I can see why you might want it to (e.g. rewrite the error message before it goes back to the client). It seems like it should be something that should be made extremely clear in the doco though. If, for example, you're using `serverless-*-function` to take some action, _assuming_ that key-auth won't let that action happen if the authentication failed, you're in for trouble. I'm happy to come up with a PR that updates the code in body-transformer and the doco if you like. Cheers. Shaun. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
