* Strip X-Forwarded auth headers from whitelisted paths

  For any paths that match skip-auth-regex, strip normal X-Forwarded headers that would be sent based on pass-user-headers or pass-access-token settings. This prevents malicious injecting of authentication headers through the skip-auth-regex paths in cases where the regex might be misconfigured and too open.

  Control this behavior with --skip-auth-strip-headers flag. This flag is set to TRUE by default (this is secure by default, but potentially breaks some legacy configurations).

  Only x-Forwarded headers stripped, left the Authorization header untouched.

* Strip authorization header if it would be set
* Improve TestStripAuthHeaders test table
* Improve --skip-auth-strip-headers flag documentation

| Name |
|---|
| assets/js |
| configuration |
| logos |
| .gitignore |
| 0_index.md |
| 1_installation.md |
| 2_auth.md |
| 4_tls.md |
| 5_endpoints.md |
| 6_request_signatures.md |
| 404.html |
| Gemfile |
| Gemfile.lock |
| Makefile |
| README.md |
| _config.yml |

Docs
This folder contains our Jekyll based docs site which is hosted at https://oauth2-proxy.github.io/oauth2-proxy.
When making changes to this docs site, please test your changes locally:

```
docs$ make serve
```

To run the docs site locally you will need Ruby at version 2.5.0 or higher and `bundle` (`gem install bundler` if you already have Ruby).