This repository has been archived by the owner on Apr 17, 2019. It is now read-only.

[nginx-ingress-controller] Basic auth header is not stripped #1383

Closed
atombender opened this issue Jul 18, 2016 · 6 comments

@atombender
Contributor

If you use basic auth in an ingress, then the Authorization header is passed along to the proxied upstream, which can result in incorrect behaviour if the upstream doesn't expect one.

For example, Drone will ignore its session cookie if the auth header is specified.

The correct behaviour is to strip the header and not pass it to the upstream.

Until this is fixed, I've been trying to find a workaround by injecting a custom Nginx directive, but I can't find a way. Is there one?

@aledbf
Contributor

aledbf commented Jul 18, 2016

@atombender use a custom template and add proxy_set_header Authorization ""; in the location with the basic auth
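The workaround suggested above, written out as an added configuration example that is not part of the original thread and not the controller's own template. The server name, upstream name and address, location paths, realm and htpasswd path are hypothetical.

```nginx
# Added illustration; every name, path and address here is constructed.
upstream app-backend {
    server 10.0.0.10:8000;
}

server {
    listen 80;
    server_name app.example.com;

    # Before: nginx validates the credentials, then forwards the client's
    # Authorization header unchanged, so the upstream also sees it.
    location /before/ {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/auth/example.htpasswd;
        proxy_pass           http://app-backend;
    }

    # After: nginx still enforces basic auth, but the upstream request
    # carries no Authorization header.
    location /after/ {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/auth/example.htpasswd;

        # A header set to the empty string is not passed to the proxied server.
        proxy_set_header Authorization "";

        # proxy_set_header directives are inherited from the outer level
        # only when this level defines none, so any headers the upstream
        # relies on must be declared again next to the line above.
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://app-backend;
    }
}
```

`nginx -t` checks the syntax; to confirm the effect, log the request headers at the upstream and compare a request to each location.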

@atombender
Contributor Author

atombender commented Jul 18, 2016

@aledbf Thanks, I discovered the template just now. That's just a temporary workaround, of course.

@aledbf
Contributor

aledbf commented Jul 18, 2016

> That's just a temporary workaround, of course.

Yes, tomorrow I will open a PR to remove the Authorization header when the auth annotation is used

@atombender
Contributor Author

@aledbf: This PR fixed the issue for me.

@aledbf
Contributor

aledbf commented Jul 18, 2016

@atombender awesome. Thanks!

@Yannic92

Sorry that I have to ask under a closed issue, but how is it possible to pass the authorization header to an upstream now? I see the condition {{ if $location.BasicDigestAuth.Secured }} but I don't know how to set it to false.
I want my service to evaluate the Authorization header, not nginx.
