Comments (3)
I have experienced the same problem.
oathkeeper appends duplicate CORS headers to the response (in addition to CORS headers added by the underlying services).
from oathkeeper.
This could be avoided if we could strip upstream headers, however there doesn't seem like there's a supported way to do this.
from oathkeeper.
Wouldn't the easier solution be to turn off the cors headers on the upstream, if oathkeeper handles them anyways, or vice versa (turn of in oathkeeper, turn on in upstream)?
from oathkeeper.
Related Issues (20)
- X-Forwarded headers missing from oauth2-client-credentials authenticator request on v.0.40.3, breaking hydra TLS termination HOT 1
- Authenticator: Bearer_token w. "query_parameter" selector consumes request body
- Observed memory leak in v0.40.3 HOT 4
- Configure JWT authenticator not to logging sensitive data
- Allow/deny `remote(_json)` authorizers depending response content
- Allow API key pre-authorization in oauth2_introspection authenticator HOT 2
- "any" matching option for "required_scope" in JWT authenticator HOT 1
- Docs wrong for `bearer_token` Subject default location
- upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342
- Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request HOT 13
- Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler
- Oathkeeper does not support X-Forwarded headers properly HOT 3
- Reference to .MatchContext.RegexpCaptureGroups doesn't render in access rules authenticator config
- Decision API is not respecting the token_from config
- Outdated OTEL dependencies prevent import
- None of the provided URLs returned a valid JSON Web Key Set HOT 1
- Implement a `delegate` authenticator
- Git as a repository for access rules & granularity: check against specific ingress against specific accessrule files HOT 1
- Duplicate requests using decisions endpoint via NGINX
- Oathkeeper returns encoded cookie
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oathkeeper.