nic-6443 commented on code in PR #12405: URL: https://github.com/apache/apisix/pull/12405#discussion_r2196676670
########## apisix/plugins/forward-auth.lua: ########## @@ -102,6 +119,21 @@ function _M.access(conf, ctx) auth_headers["Content-Encoding"] = core.request.header(ctx, "content-encoding") end + if conf.extra_headers then + for header, value in pairs(conf.extra_headers) do + if type(value) == "number" then + value = tostring(value) + end + local resolve_value, err, n_resolved = core.utils.resolve_var(value, ctx.var) + if not err and n_resolved > 0 then + auth_headers[header] = resolve_value + end + if err then + core.log.error("failed to resolve variable in extra header '", header, "': ", err)
Review Comment: I think the risk is relatively high. What if the header to be passed has a default value in the auth server? I think we should let the auth server itself decide how to handle missing headers, rather than rejecting client request outright.
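Review bot: the condition `if not err and n_resolved > 0` in the `extra_headers` loop skips any value that contains no variable, so a literal string, or a number just converted with `tostring(value)`, is never written to `auth_headers`, assuming `n_resolved` counts substitutions as its name suggests. If static values are meant to be supported, set the header whenever `err` is nil and keep `n_resolved` for logging only; otherwise the number-to-string branch is dead code and can go. The assignment `auth_headers[header] = resolve_value` also runs after built-in entries such as `Content-Encoding` are filled in, so a configured name can silently replace one of them; consider skipping names already present or documenting the precedence. Since the values are resolved from `ctx.var`, which can carry client-supplied request data, the plugin documentation should state that they reach the auth server as resolved, without further validation.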