If you use method GET, then the body is implicitly turned off. We turn it off if the method is being rewritten to GET or HEAD. That makes for the simplest possible config, I think.
You don’t need this – Caddy already sends this header:
Epic stuff
It’s working perfectly, and without any ugly plugin,
I’ll let people know in firecow/forward_auth README.md, that this method is the way forward, thank you very much…
Why isn’t header_up Host {upstream_hostport} the default behavior of forward_auth directive btw?
I’m just asking because it took me quite a while to figure out, why cloudflare which my sso.firecow.dk is behind kept giving me 403. (cloudflare don’t allow “bogus” host headers)
Because it’s only needed if you’re proxying over HTTPS. See the docs:
Most people will be proxying over HTTP, probably. Like Authelia users who are self-hosting it in their own network. If they used authelia:9091 as their upstream address and had that header_up line, then the Host would become authelia:9091 which doesn’t make sense – it’s a better default to pass through the original Host header.