Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow specifying Consul token in an HTTP request header #1318

Merged
merged 1 commit into from
Oct 22, 2015
Merged

Allow specifying Consul token in an HTTP request header #1318

merged 1 commit into from
Oct 22, 2015

Conversation

daveadams
Copy link
Contributor

I would like to be able to pass the Consul authorization token via HTTP request header as well as through the querystring, for a couple of reasons related to setting up the Consul web UI and/or a general API gateway:

One, for security. Consul itself filters out tokens from its own request logs, but when behind a reverse proxy, that's another layer were tokens need to be filtered from logs.

Two, also for reverse proxy, adding values to the query string when dealing with OAuth or CAS-type authentication is often problematic. This would allow me to set the token I want to pass as a request header and avoid the complications.

I've also provided tests and documentation updates.

@daveadams
Add HTTP request header X-Consul-Token
b7bcb2a 
Add support for an X-Consul-Token HTTP request header to specify the
token with which this request should be fulfilled. The header would have
precedence over the responding Agent's default token, but would have
lower precedence than a token specified in the query string.
@ryanbreen
Copy link
Contributor

This looks great to me. Good test and doc as well. Only thing you might want to include in the doc, though it's a corner case, is explanation of what happens if both are specified but inconsistent (header wins).

Any reason not to include this support, hashifolks?

@daveadams
Copy link
Contributor Author

I tried to explain it in the doc changes, although it may be unclear. For this patch, the querystring token param wins if both are specified (ie the opposite of what you said), although I don't have a strong opinion about which should take precedence.

@ryanbreen
Copy link
Contributor

Yeah, I'm an idiot. Read right over that. Doc looks good.

@ryanbreen ryanbreen mentioned this pull request Oct 22, 2015
Closed
armon added a commit that referenced this pull request Oct 22, 2015
@armon
Merge pull request #1318 from daveadams/f-http-header-token
6a350d5 
Allow specifying Consul token in an HTTP request header
@armon armon merged commit 6a350d5 into hashicorp:master Oct 22, 2015
@armon
Copy link
Member

armon commented Oct 22, 2015

LGTM! Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@daveadams @ryanbreen @armon