Comments (4)
That time out is there to protect the proxy from request stragglers and intentionally harmful clients. It would make sense though to have this configurable, which is possible!
from oathkeeper.
I was mislead by the name graceful and though it was intended to handle only shutdown or restart of the process. I since found the http server settings applied in https://github.com/ory/graceful/blob/master/http_defaults.go#L55
I'm using this as a sidecar and there is an upstream proxy offloading TLS and handling timeouts. Perhaps oathkeeper could do with a similar method to hydra of trusting upstream for TLS via source IP and XFF headers and disabling timeouts.
from oathkeeper.
I think we can keep this issue open, it's possible to configure the settings provided by graceful
which would - I guess - make tons of sense in this scenario. The settings have been used for other projects whose APIs accept - at maximum - POST bodies of max 2kb. In the proxy scenario however, it makes much more sense to be able to configure the timeouts in order to support use cases such as yours.
from oathkeeper.
Closed by #132
from oathkeeper.
Related Issues (20)
- Authenticator: Bearer_token w. "query_parameter" selector consumes request body
- Observed memory leak in v0.40.3 HOT 4
- Configure JWT authenticator not to logging sensitive data
- Allow/deny `remote(_json)` authorizers depending response content
- Allow API key pre-authorization in oauth2_introspection authenticator HOT 2
- "any" matching option for "required_scope" in JWT authenticator HOT 1
- Docs wrong for `bearer_token` Subject default location
- upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342
- Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request HOT 13
- Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler
- Oathkeeper does not support X-Forwarded headers properly HOT 3
- Reference to .MatchContext.RegexpCaptureGroups doesn't render in access rules authenticator config
- Decision API is not respecting the token_from config
- Outdated OTEL dependencies prevent import
- None of the provided URLs returned a valid JSON Web Key Set HOT 1
- Implement a `delegate` authenticator
- Git as a repository for access rules & granularity: check against specific ingress against specific accessrule files HOT 1
- Duplicate requests using decisions endpoint via NGINX
- Oathkeeper returns encoded cookie
- Oathkeeper bombards Ory Network with requests after upgrade to 40.x HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oathkeeper.