subdavis
commented
5 years ago @zachmullen ptal when you have a chance.
Closed subdavis closed 5 years ago
subdavis
commented
5 years ago @zachmullen ptal when you have a chance.
zachmullen
commented
5 years ago but I can't function without it
Why is that? In what context do you need to use one over the other?
subdavis
commented
5 years ago I think I mentioned it a while back, but I'm working behind a proxy that filters out all Authorization headers. Under normal circumstances I would say such a patch has no business being in this library, but girder luckily supports it.
zachmullen
commented
5 years ago Hopefully we aren't subverting some security policy by passing basic auth via a different header...
subdavis
commented
5 years ago As far as I can tell, the proxy is just configured improperly. It should pass Authorization along when a request comes in that is already authorized with the proxy through another means, such as with a cookie.
Either that or it shouldn't touch the header at all unless the request is sent to an endpoint terminating on the proxy itself.
Edit: the actual correct configuration would use proxy-authorization https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization
I don't like adding this back, but I can't function without it. As long as girder supports this auth mechanism, I feel like having the option to use it is within scope here.