@@ -663,12 +663,13 @@ stream {
663663 {{ end }}
664664 {{ if not (empty $location.ExternalAuth.Method) }}
665665 proxy_method {{ $location.ExternalAuth.Method }};
666- proxy_set_header X-Original-URI $request_uri;
667- proxy_set_header X-Scheme $pass_access_scheme;
666+ proxy_set_header X-Original-URI $request_uri;
667+ proxy_set_header X-Scheme $pass_access_scheme;
668668 {{ end }}
669669 proxy_pass_request_headers on;
670- proxy_set_header Host {{ $location.ExternalAuth.Host }};
671- proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
670+ proxy_set_header Host {{ $location.ExternalAuth.Host }};
671+ proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
672+ proxy_set_header X-Auth-Request-Redirect $request_uri;
672673 proxy_ssl_server_name on;
673674
674675 client_max_body_size "{{ $location.Proxy.BodySize }}";
@@ -712,9 +713,9 @@ stream {
712713
713714 {{ if not (empty $authPath) }}
714715 # this location requires authentication
715- auth_request {{ $authPath }};
716- auth_request_set $auth_cookie $upstream_http_set_cookie;
717- add_header Set-Cookie $auth_cookie;
716+ auth_request {{ $authPath }};
717+ auth_request_set $auth_cookie $upstream_http_set_cookie;
718+ add_header Set-Cookie $auth_cookie;
718719 {{- range $idx, $line := buildAuthResponseHeaders $location }}
719720 {{ $line }}
720721 {{- end }}
@@ -780,9 +781,6 @@ stream {
780781 proxy_set_header X-Original-URI $request_uri;
781782 proxy_set_header X-Scheme $pass_access_scheme;
782783
783- {{/* This header is used for external authentication */}}
784- proxy_set_header X-Auth-Request-Redirect $request_uri;
785-
786784 # mitigate HTTPoxy Vulnerability
787785 # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
788786 proxy_set_header Proxy "";
0 commit comments