It turns out nginx ingress' external authentication tacks on an unexpected extra _external-auth-xxxx path to the subrequest sent to the auth-url. 9bf59d8 handles it, but ignores an encoded string at its end.
This string seems to be the auth-url itself, encoded:
https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/template/template.go#L428
My initial guess (haven't found any documentation regarding it) would be this is a way to check that the subrequest is indeed coming from the ingress and not from somewhere else. If so, validating it against the domain assigned to the service in k8s would be an extra layer of security.
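An added example, not part of the original issue or of either project's code: a Go helper for an auth service that splits the `_external-auth-` suffix off the subrequest path and decodes the trailing string so it can be logged or compared with a value the operator configured. Assumptions: the string is unpadded URL-safe base64 (the issue only says "encoded"), and the function names, sample paths and expected values are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Marker the issue reports on the subrequest path.
const authMarker = "_external-auth-"

var ErrNoSuffix = errors.New("no _external-auth- suffix on path")

// SplitAuthPath separates the path the auth service should route on from the
// decoded trailing string. Assumption: the string is base64url without '='.
func SplitAuthPath(p string) (base, decoded string, err error) {
	i := strings.LastIndex(p, authMarker)
	if i < 0 {
		return p, "", ErrNoSuffix
	}
	token := p[i+len(authMarker):]
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(token, "="))
	if err != nil {
		return "", "", fmt.Errorf("undecodable token %q: %w", token, err)
	}
	base = strings.TrimSuffix(p[:i], "/")
	if base == "" {
		base = "/"
	}
	return base, string(raw), nil
}

// TokenMatches reports whether the decoded string equals the value the
// operator expects (hypothetical configuration value).
func TokenMatches(p, expected string) bool {
	_, got, err := SplitAuthPath(p)
	return err == nil && got == expected
}

func main() {
	// Constructed sample paths, not captured traffic.
	for _, p := range []string{"/auth/_external-auth-L2FwcA", "/auth", "/auth/_external-auth-%%%"} {
		base, dec, err := SplitAuthPath(p)
		fmt.Printf("%-32s base=%q decoded=%q err=%v\n", p, base, dec, err)
	}
}
```

A request whose suffix is missing or does not decode is reported as an error rather than silently routed, so the caller can decide whether to reject it.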