I tried to configure auth sub request like this documentation
Client send request with authorization header to protected resource via nginx.
But when nginx send subrequest to check access, authorization header in subrequest is missed.
i tried to use this parameters in auth location:
proxy_set_header authorization $http_authorization;
But it didn’t get result.
2
Answers
The problem was with CORS requests. OPTIONS request didn't contain Authorization header. And auth service returned error.
Solution:
Special nginx variables like
$http_<name>
are not shared with the subrequests (update: this is a wrong assumption, request headers actualy gets shared with the subrequests, see the update to the answer). That internal nginx subrequests API is very special thing, many modules that makes use of it do not even share variable containers between main request and subrequests. However theauth_request_module
is some kind of exception, making possible a workaround using the intermediate variable:Ok, after testing this myself I can state a couple of facts.
Authorization
header (as well as other main request headers) gets added to the subrequest. However it can be redefined for the subrequest explicitly:or removed from the subrequest completely:
Intermediate variable does work for passing data from main request to the subrequest made by
auth_request_module
:An auth backend will receive the
X-From: from-main
HTTP header.