A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
Ory Oathkeeper v0.44.4 uses the new Rewrite feature of Golang's reverse proxy. This will strip any X-Forwarded headers from upstream requests. This however is not always desirable which is why a new config flag serve.proxy.trust_forwarded_headers was introduced to optionally enable the forwarding of X-Forwarded headers.
[ ] I confirm that this pull request does not address a security
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
security@ory.sh) from the maintainers to push
the changes.
[ ] I have added tests that prove my fix is effective or that my feature
works.
Ory Oathkeeper v0.44.4 uses the new Rewrite feature of Golang's reverse proxy. This will strip any X-Forwarded headers from upstream requests. This however is not always desirable which is why a new config flag
serve.proxy.trust_forwarded_headerswas introduced to optionally enable the forwarding of X-Forwarded headers.Related issue(s)
Checklist
Further Comments