mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 16:59:22 +02:00
config: add PassIdentityHeaders option (#903)
Currently, user's identity headers are always inserted to downstream request. For privacy reason, it would be better to not insert these headers by default, and let user chose whether to include these headers per=policy basis. Fixes #702
This commit is contained in:
Cuong Manh Le
GitHub
parent
4a3fb5d44b
commit
8d0deb0732
9 changed files with 115 additions and 14 deletions
|
|
@ -1014,6 +1014,18 @@ If set, enables proxying of websocket connections.
|
|||
|
||||
**Use with caution:** By definition, websockets are long-lived connections, so [global timeouts](#global-timeouts) are not enforced. Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
|
||||
|
||||
### Pass Identity Headers
|
||||
|
||||
- `yaml`/`json` setting: `pass_identity_headers`
|
||||
- Type: `bool`
|
||||
- Optional
|
||||
- Default: `false`
|
||||
|
||||
When enabled, this option will pass the identity headers to the downstream application. These headers include:
|
||||
|
||||
- X-Pomerium-Jwt-Assertion
|
||||
- X-Pomerium-Claim-*
|
||||
|
||||
## Authorize Service
|
||||
|
||||
### Authenticate Service URL
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue