leslie-tsang commented on a change in pull request #6039:
URL: https://github.com/apache/apisix/pull/6039#discussion_r780092059
##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -39,6 +44,10 @@ local consumer_schema = {
properties = {
username = { type = "string" },
password = { type = "string" },
+ hide_auth_header = {
+ type = "boolean",
+ default = true,
Review comment:
```suggestion
default = false,
```
Need to discuss it in maillist if use `true` as default value
##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -161,6 +170,11 @@ function _M.rewrite(conf, ctx)
return 401, { message = "Password is error" }
end
+ -- 5. hide `Authentication` request header if `hide_auth_header` is `true`
+ if conf.hide_auth_header == true then
+ core.request.set_header(ctx, "Authentication", "")
+ end
+
Review comment:
The original issue seems to avoid to send the header to upstream.
##########
File path: docs/zh/latest/plugins/basic-auth.md
##########
@@ -43,6 +43,7 @@ title: basic-auth
| -------- | ------ | ------ | ------ | ------ |
------------------------------------------------------------------------------------------------------------------
|
| username | string | 必须 | | | 不同的 `consumer`
对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 |
| password | string | 必须 | | | 用户的密码
|
+| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication
请求头返回给客户端.
|
Review comment:
```suggestion
| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication
请求头传递给 upstream。
|
```
##########
File path: docs/en/latest/plugins/basic-auth.md
##########
@@ -39,10 +39,11 @@ For more information on Basic authentication, refer to
[Wiki](https://en.wikiped
## Attributes
-| Name | Type | Requirement | Default | Valid | Description
|
-| -------- | ------ | ----------- | ------- | ----- |
----------------------------------------------------------------------------------------------------------------------------------------------------------------
|
-| username | string | required | | | Different `consumer`
should have different value which is unique. When different `consumer` use a
same `username`, a request matching exception would be raised. |
-| password | string | required | | | the user's password
|
+| Name | Type | Requirement | Default | Valid | Description
|
+| -------- | ------ | ----------- | ------- | ----- |
----------------------------------------------------------------------------------------------------------------------------------------------------------------
|
+| username | string | required | | | Different
`consumer` should have different value which is unique. When different
`consumer` use a same `username`, a request matching exception would be raised.
|
+| password | string | required | | | the user's
password
|
+| hide_auth_header | boolean | optional | true | | Whether to
return the Authentication request headers to the client.
|
Review comment:
```suggestion
| Name | Type | Requirement | Default | Valid | Description
|
| -------- | ------ | ----------- | ------- | ----- |
----------------------------------------------------------------------------------------------------------------------------------------------------------------
|
| username | string | required | | | Different
`consumer` should have different value which is unique. When different
`consumer` use a same `username`, a request matching exception would be raised.
|
| password | string | required | | | the user's
password
|
| hide_auth_header | boolean | optional | true | | Whether to
return the Authentication request headers to the upstream.
|
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
