Skip to content

fix: improve proxy header handling and remove existing Authorization header#25

Merged
hrntknr merged 1 commit intomainfrom
fix/proxy-header-handling
Aug 18, 2025
Merged

fix: improve proxy header handling and remove existing Authorization header#25
hrntknr merged 1 commit intomainfrom
fix/proxy-header-handling

Conversation

@hrntknr
Copy link
Copy Markdown
Member

@hrntknr hrntknr commented Aug 18, 2025

Summary

This PR improves proxy header handling by properly removing existing Authorization headers and correctly iterating through all proxy headers when forwarding requests. This prevents potential authentication conflicts and ensures all configured proxy headers are properly applied.

Type of Change

  • fix: A bug fix

Related Issues

@hrntknr
fix: improve proxy header handling and remove existing Authorization …
7fd3e09 
…header

- Remove existing Authorization header before setting proxy headers
- Properly iterate through proxy headers to add all values
- Prevents header conflicts when proxying authenticated requests
Copilot AI review requested due to automatic review settings August 18, 2025 10:54
@hrntknr hrntknr merged commit 409b10e into main Aug 18, 2025
4 checks passed
Copilot AI reviewed Aug 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes proxy header handling by properly removing existing Authorization headers and correctly iterating through all proxy headers when forwarding requests. Previously, the code was directly replacing all headers which could cause issues.

  • Explicitly removes Authorization headers to prevent authentication conflicts
  • Iterates through all proxy headers to ensure proper forwarding
  • Changes from direct header replacement to additive header management

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread pkg/proxy/main.go
c.Request.Header.Del("Authorization")
for key, values := range p.proxyHeaders {
for _, value := range values {
c.Request.Header.Add(key, value)
Copy link

Copilot AI Aug 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current implementation always removes the Authorization header, but then may add it back if it exists in p.proxyHeaders. This could lead to duplicate Authorization headers if p.proxyHeaders contains an Authorization entry. Consider checking if the key is 'Authorization' and using Set instead of Add for that specific header, or remove Authorization from p.proxyHeaders before the loop.

Suggested change
c.Request.Header.Add(key, value)
if strings.EqualFold(key, "Authorization") {
c.Request.Header.Set(key, value)
} else {
c.Request.Header.Add(key, value)
}

Copilot uses AI. Check for mistakes.
@sigbit-release-bot sigbit-release-bot Bot mentioned this pull request Aug 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hrntknr