Skip to content

feat: X-Forwarded header trust verification #202

Description

@jpower432

Summary

Add defense-in-depth verification for OAuth2 Proxy headers on the :8080 listener.

Context

The auth middleware derives identity and groups from X-Forwarded-* headers. The trust assumption is documented but not enforced at runtime.

Acceptance Criteria

  • Runtime mechanism verifies headers originate from the expected proxy
  • Documented trust boundary between proxy and application

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Backlog / nice to havearea/authJWT, OIDC, publisher trustenhancementNew feature or requestllm-assistedCreated with LLM assistance

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions