Send request body to authorization server for forward auth

2024-12-12 18:18:05 +09:00 · 2024-12-12 18:18:05 +09:00 · 26738cbf93
commit 26738cbf93
parent b1934231ca
20 changed files with 411 additions and 38 deletions
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@ -38,7 +38,9 @@
 - "traefik.http.middlewares.middleware10.forwardauth.authrequestheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.forwardbody=true"
 - "traefik.http.middlewares.middleware10.forwardauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.maxbodysize=42"
 - "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
 - "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
 - "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@ -182,6 +182,8 @@
        authRequestHeaders = ["foobar", "foobar"]
        addAuthCookiesToResponse = ["foobar", "foobar"]
        headerField = "foobar"
+        forwardBody = true
+        maxBodySize = 42
        [http.middlewares.Middleware10.forwardAuth.tls]
          ca = "foobar"
          cert = "foobar"
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@ -209,6 +209,8 @@ http:
          - foobar
          - foobar
        headerField: foobar
+        forwardBody: true
+        maxBodySize: 42
    Middleware11:
      grpcWeb:
        allowOrigins:
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@ -1234,6 +1234,15 @@ spec:
                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
                      More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
                    type: string
+                  forwardBody:
+                    description: ForwardBody defines whether to send the request body
+                      to the authentication server.
+                    type: boolean
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum body size in bytes
+                      allowed to be forwarded to the authentication server.
+                    format: int64
+                    type: integer
                  tls:
                    description: TLS defines the configuration used to secure the
                      connection to the authentication server.
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@ -48,7 +48,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/forwardBody` | `true` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/headerField` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize` | `42` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
 | `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
@ -492,6 +492,15 @@ spec:
                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
                      More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
                    type: string
+                  forwardBody:
+                    description: ForwardBody defines whether to send the request body
+                      to the authentication server.
+                    type: boolean
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum body size in bytes
+                      allowed to be forwarded to the authentication server.
+                    format: int64
+                    type: integer
                  tls:
                    description: TLS defines the configuration used to secure the
                      connection to the authentication server.