malliaridis commented on PR #3807:
URL: https://github.com/apache/solr/pull/3807#issuecomment-3469003530
I was trying to review this PR and share my point of view about the current
implementation of BasicAuth and MultiAuth plugins, as I have faced some
limitations as well and still need to address a few more in an open PR (see
draft).
> because proxy injects auth headers,
Could you explain eventually why your proxy is injecting auth headers? This
sounds to me like a very special case.
From your Caddyfile, I believe the following is the relevant part?
```
handle /solr/* {
reverse_proxy solr-baseline:8983 {
# ...
# Pass through client Authorization header
header_up Authorization {header.Authorization}
# ...
```
Judging by the setup you provided in the test stack, it seems that the auth
header is always injected. Is that a correct interpretation?
If so, and if the proxy would only inject auth header if the client is
providing them during a request forwarding, it would not be an issue, right?
One of the limitations I am still facing is that the `WWW-Authenticate` is
not provided for all authentication methods available when using MultiAuth.
And an additional note, if you take into acocunt the additional
`X-Requested-With` header sent by the client, you are still facing the auth
issue you are trying to solve here, right?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
