Skip to content

fix(forward-auth): extra_headers not resolving variable on $post_arg. #12435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

fix(forward-auth): extra_headers not resolving variable on $post_arg. #12435

wants to merge 3 commits into from
+69 −46

Conversation

Revolyssup
Copy link
Contributor

@Revolyssup Revolyssup commented Jul 16, 2025
edited
Loading

The existing util.resolve_var doesn't handle all the variable cases properly. For eg: when passed with $post_arg.xyz, it fails to resolve the variable. So forward auth plugin is being modified to directly use the ctx.var
And no other plugin using util.resolve_var, tries to resolve $post_arg. so it is assumed that it's not part of the use case for util.resolve_var

This was not caught previously because the test cases didn't assert the values properly.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. bug Something isn't working labels Jul 16, 2025
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Jul 16, 2025
@kayx23 kayx23 self-requested a review July 16, 2025 09:57
kayx23
kayx23 reviewed Jul 18, 2025
View reviewed changes
Copy link
Member

@kayx23 kayx23 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other doc changes LGTM

docs/en/latest/plugins/forward-auth.md
@@ -187,11 +187,12 @@ curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/auth' \
"functions": [
"return function(conf, ctx)
local core = require(\"apisix.core\")
if core.request.header(ctx, \"tenant_id\") then
local tenant_id = core.request.header(ctx, \"tenant_id\")
if tenant_id == \"123\" then
core.response.set_header(\"X-User-ID\", \"i-am-an-user\");
Copy link
Member

@kayx23 kayx23 Jul 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe remove this line to avoid any confusion? Since users will not actually observe this response header in this example.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is required to pass/deny the request. Users don't need to care about it. This is forward-auth server simulated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kayx23 kayx23 kayx23 left review comments

@nic-6443 nic-6443 nic-6443 approved these changes

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
bug Something isn't working size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Revolyssup @nic-6443 @kayx23