bug: forward-auth plugin doesn't work properly with POST method.

Current Behavior

forward-auth plugin doesn't work if the request is POST and authservice api is GET. Its happening due to forwading the POST method request headers like content-type and expect. Moved these headers only if authserver api is also POST.

Expected Behavior

It should work without any problems, based on the authserver method, appropriate headers should be passed.

Error Logs

2024/03/09 15:35:28 [error] 51#51: *13215177 [lua] forward-auth.lua:134: phase_func(): failed to process forward auth, err: timeout, client: 10.117.4.40, server: _, request: "POST /post HTTP/1.1", host: "apiv2.ninjacart.in", referrer: "http://localhost:4000/" 2024/03/09 15:35:28 [warn] 51#51: *13215177 [lua] plugin.lua:1159: run_plugin(): forward-auth exits with http status code 403, client: 10.117.4.40, server: _, request: "POST /post HTTP/1.1", host: "apiv2.ninjacart.in", referrer: "http://localhost:4000/" 10.117.4.40 - - [09/Mar/2024:15:35:28 +0000] apiv2.ninjacart.in "POST /post HTTP/1.1" 403 225 3.043 "http://localhost:4000/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" - - - "http://apiv2.ninjacart.in"

Screenshot 2024-03-09 at 21 05 52

Steps to Reproduce

Run the apisix with docker image

Configure a route with post method, i used httporg post api like below

routes:
- 
  uri: /post
  upstream:
    nodes:
      "httpbin.org:80": 1
    type: roundrobin
  plugins:
    forward-auth:
      _meta:
        disable: false
      request_headers:
        - Authorization
      ssl_verify: false
      request_method: GET
      uri: >-
        https://<AUTHSERVER_URL>

Use the curl like below shell curl --location 'https://localhost:9080/post' \ --header 'Accept: application/json, text/plain, */*' \ --header 'Authorization: Bearer <TOKEN>' \ --header 'Content-Type: application/json' \ --data '{ "payload" { "foo": "bar" } }'
You should see a 403 error, because authserver doesnt accept the content-type header to GET request. This depends on the auth server you use, in my case Im using springboot 3.1.4 on Java 17

Environment

APISIX version (run apisix version): 3.8.0
Operating system (run uname -a): Linux apisix-5b76d95c8c-79rhx 5.15.133+ #1 SMP Sat Dec 30 13:01:38 UTC 2023 x86_64 GNU/Linux
OpenResty / Nginx version (run openresty -V or nginx -V): nginx version: openresty/1.21.4.2
etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info): Not using etcd, its standalone mode
APISIX Dashboard version, if relevant: Not using
Plugin runner version, for issues related to plugin runners: NA
LuaRocks version, for installation issues (run luarocks --version): NA

apache / apisix