How to keep Authentication header with redirect using NGINX ingress annotations

Question

I have an nginx ingress controller for my kubernetes cluster. I have a need to add a permanent redirect to an ingress which I can successfully do with

nginx.ingress.kubernetes.io/permanent-redirect: "http://www.example.com"

This works great, except for the fact that path I'm redirecting is used for by users that send POST requests including an Authorization header.

My understanding is that by default (for security reasons) the header would get stripped out. However, I'm redirecting the post request from one server to another on the same domain.

Is there a way to add the necessary instructions to pass the Authorization header along with the redirect?

Thanks!

score 4 · Answer 1 · answered Dec 02 '19 at 07:46

4

This is what I did to overcome the stripping of the Authorization header:

annotations:
  ... your other annotations
  nginx.ingress.kubernetes.io/configuration-snippet: |
    proxy_set_header Authorization $http_authorization;

This will force the setting of a new Authorization header that reads it's value from the actual authorization header.

I have not tried this with the external authorization though, only with basic auth.

answered Dec 02 '19 at 07:46

hammady

181
4

Not sure if this still works. I can set any header this way, but "Authorization" ist still stripped away. – tobias47n9e Jul 14 '21 at 07:48

score 0 · Answer 2 · answered Aug 01 '19 at 10:46

0

You can use external authentication to point your original url as an auth-url

annotations:
    nginx.ingress.kubernetes.io/auth-url: https://original/user/passwd

Also take a look at this example

Hope this will help

answered Aug 01 '19 at 10:46

A_Suh

324
1
7

How to keep Authentication header with redirect using NGINX ingress annotations

2 Answers2