Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CUSTOM_CLIENT_HEADERS option not work #502

Closed
petlitskiy opened this issue Aug 3, 2024 · 1 comment
Closed

CUSTOM_CLIENT_HEADERS option not work #502

petlitskiy opened this issue Aug 3, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@petlitskiy
Copy link

Describe the bug

I am trying to set up Unleash-edge to handle client queries with client keys in the query header like Unleash-proxy allows to do it (i mean like Unleash-proxy allow to filter inbound queries with "UNLEASH_PROXY_CLIENT_KEYS" option). But with no success.
Can you provide an example of docker-compose configuration of Unleash-edge to use "CUSTOM_CLIENT_HEADERS" option to filter inbound client's queries?

Steps to reproduce the bug

  1. set the CUSTOM_CLIENT_HEADERS: "X-Client-Key:mykey" in docker-compose environments block
  2. use like
    curl 'https://some-endpint/api/client/features' --header 'Content-Type: application/json' --header 'Authorization:default:development.xyz' --header 'X-Client-Key:mykey'
  3. use like
    curl 'https://some-endpint/api/client/features' --header 'Content-Type: application/json' --header 'Authorization:default:development.xyz' --header 'X-Client-Key:notmykey'
  4. in last case have to be filtered
  5. not filtered

Expected behavior

No response

Logs, error output, etc.

No response

Screenshots

No response

Additional context

No response

Unleash version

No response

Subscription type

None

Hosting type

None

SDK information (language and version)

No response
@petlitskiy petlitskiy added the bug Something isn't working label Aug 3, 2024
@sighphyre
Copy link
Member

Hey @petlitskiy,

I don't think this is a bug. This is just a difference in behavior between the Proxy and Edge. The old UNLEASH_PROXY_CLIENT_KEYS option in the Proxy was a work around because there was no knowledge of the validity of tokens between the Proxy and Unleash itself. Edge takes a different approach - it won't respond to requests that aren't valid API keys in Unleash itself - the source of auth is Unleash and not Edge.

You can make Edge more strict with strict mode, but there's no way to limit it to specific tokens, any token that's valid upstream is also valid in Edge so long as it satisfies the constraints of strict mode.

The CUSTOM_CLIENT_HEADERS property you mention serves a different purpose - those are custom headers that Edge includes in its API requests to Unleash when hydrating data.

Hope this helps to clarify!

@github-project-automation github-project-automation bot moved this from New to Done in Issues and PRs Aug 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sighphyre @petlitskiy