HTTP header are not forwarded breaking OIDC for some apps #169

New Issue

Closed

opened 2025-11-13 11:52:01 -06:00 by GiteaMirror · 4 comments

GiteaMirror commented 2025-11-13 11:52:01 -06:00

Owner

Copy Link

Originally created by @bannert1337 on GitHub (Mar 21, 2025).

After I switched FreshRSS from Cloudflare Tunnel to Pangolin, authentication with Authenik wouldn't work anymore with the error:

This happens because the HTTP headers are not or incorrectly forwarded.

Reference:
https://github.com/FreshRSS/FreshRSS/issues/7296
https://github.com/FreshRSS/FreshRSS/issues/7257

Originally created by @bannert1337 on GitHub (Mar 21, 2025). After I switched FreshRSS from Cloudflare Tunnel to Pangolin, authentication with Authenik wouldn't work anymore with the error:  This happens because the HTTP headers are not or incorrectly forwarded. Reference: https://github.com/FreshRSS/FreshRSS/issues/7296 https://github.com/FreshRSS/FreshRSS/issues/7257

GiteaMirror added the stale label 2025-11-13 11:52:01 -06:00

GiteaMirror closed this issue 2025-11-13 11:52:01 -06:00

GiteaMirror commented 2025-11-13 11:52:02 -06:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Mar 24, 2025):

It looks like Traefik is passing the host header along by default: https://doc.traefik.io/traefik/routing/services/#pass-host-header

Here is an excerpt I just tested using the whoami container.

Hostname: db3b364a2cf4
IP: 127.0.0.1
IP: ::1
IP: 172.17.0.4
RemoteAddr: 172.17.0.1:34250
GET / HTTP/1.1
Host: test.mydomain.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Encoding: gzip, br
Accept-Language: en-US,en;q=0.5
Alt-Used: test.mydomain.net
Priority: u=0, i
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 172.70.43.61
X-Forwarded-Host: test.mydomain.net
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 11afa51cd854
X-Real-Ip: 172.70.43.61

@oschwartz10612 commented on GitHub (Mar 24, 2025): It looks like Traefik is passing the host header along by default: https://doc.traefik.io/traefik/routing/services/#pass-host-header Here is an excerpt I just tested using the whoami container. ``` Hostname: db3b364a2cf4 IP: 127.0.0.1 IP: ::1 IP: 172.17.0.4 RemoteAddr: 172.17.0.1:34250 GET / HTTP/1.1 Host: test.mydomain.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8 Accept-Encoding: gzip, br Accept-Language: en-US,en;q=0.5 Alt-Used: test.mydomain.net Priority: u=0, i Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-site Sec-Fetch-User: ?1 Upgrade-Insecure-Requests: 1 X-Forwarded-For: 172.70.43.61 X-Forwarded-Host: test.mydomain.net X-Forwarded-Port: 443 X-Forwarded-Proto: https X-Forwarded-Server: 11afa51cd854 X-Real-Ip: 172.70.43.61 ```

GiteaMirror commented 2025-11-13 11:52:02 -06:00

Author

Owner

Copy Link

@davidszerman commented on GitHub (Mar 25, 2025):

Hi,

did you find a workaround ?

@davidszerman commented on GitHub (Mar 25, 2025): Hi, did you find a workaround ?

GiteaMirror commented 2025-11-13 11:52:02 -06:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (Apr 11, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

@github-actions[bot] commented on GitHub (Apr 11, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

GiteaMirror commented 2025-11-13 11:52:02 -06:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (Apr 26, 2025):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

@github-actions[bot] commented on GitHub (Apr 26, 2025): This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

GiteaMirror referenced this issue 2026-04-16 07:57:56 -05:00

[GH-ISSUE #169] Was base URL option taken back out? #1322

GiteaMirror referenced this issue 2026-04-20 07:11:13 -05:00

[GH-ISSUE #169] Was base URL option taken back out? #3264

GiteaMirror referenced this issue 2026-04-25 14:57:44 -05:00

[GH-ISSUE #169] Was base URL option taken back out? #6118

GiteaMirror referenced this issue 2026-04-30 03:32:31 -05:00

[GH-ISSUE #169] Was base URL option taken back out? #8086

GiteaMirror referenced this issue 2026-05-06 13:05:18 -05:00

[GH-ISSUE #169] Was base URL option taken back out? #10083

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label stale

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#169