If you use method GET, then the body is implicitly turned off. We turn it off if the method is being rewritten to GET or HEAD. That makes for the simplest possible config, I think.
You donāt need this ā Caddy already sends this header:
Epic stuff
Itās working perfectly, and without any ugly plugin,
Iāll let people know in firecow/forward_auth README.md, that this method is the way forward, thank you very muchā¦
Why isnāt header_up Host {upstream_hostport} the default behavior of forward_auth directive btw?
Iām just asking because it took me quite a while to figure out, why cloudflare which my sso.firecow.dk is behind kept giving me 403. (cloudflare donāt allow ābogusā host headers)
Because itās only needed if youāre proxying over HTTPS. See the docs:
Most people will be proxying over HTTP, probably. Like Authelia users who are self-hosting it in their own network. If they used authelia:9091 as their upstream address and had that header_up line, then the Host would become authelia:9091 which doesnāt make sense ā itās a better default to pass through the original Host header.