The application router sends the following x-forwarding headers to the route targets:

| Header Name | Description |
|---|---|
| `x-forwarded-host` | Contains the host header that is sent from the client to the application router. |
| `x-forwarded-proto` | Contains the protocol that is used by the client to connect to the application router. |
| `x-forwarded-for` | Contains the address of the client that connects to the application router. |
| `x-forwarded-path` | Contains the original path that the client requested. |

If a client performs path rewriting, it sends the `x-forwarded-proto`, `x-forwarded-host`, and `x-forwarded-path` headers to the application router. The values of these headers are forwarded to the route targets without modification instead of being generated from the application router request URL. The `x-forwarded-path` header of a request does not impact the source pattern of routes in the `xs-app.json`.

Hop-by-hop headers are only for a single transport-level connection and are not forwarded by the application router. The headers are:

- `Connection`
- `Keep-Alive`
- `Public`
- `Proxy-Authenticate`
- `Transfer-Encoding`
- `Upgrade`

`x-custom-host` is used to support the application router behind an external reverse proxy. The `x-custom-host` header must contain the internal reverse proxy host.

The `EXTERNAL_REVERSE_PROXY` environment variable is set to true.

In a multi-tenancy landscape, the application router can be called from multiple tenants. During the authentication flow, the application router uses the tenant ID to fetch the authentication token from XSUAA. The application router extracts the tenant ID from the corresponding host using the tenant host pattern configuration.

In an external reverse proxy flow, the application router uses the `x-custom-host` header to extract the tenant ID using the tenant host pattern configuration.

If the `x-custom-host` header is not provided, the application router uses the host header to extract the tenant ID.
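
The tenant lookup order described above, as an added example (not application router source code). `resolveTenant`, its options, the sample pattern and the host names are hypothetical, and the sketch assumes `x-custom-host` is honoured only when the external reverse proxy flow is enabled.

```javascript
'use strict';

// Added sketch, not SAP code: resolveTenant, its options and the pattern are hypothetical.
function lowerCaseKeys(obj) {
  const out = {};
  for (const [k, v] of Object.entries(obj)) out[k.toLowerCase()] = v;
  return out;
}

// Pick the host value the tenant ID is derived from, then match the tenant host pattern.
function resolveTenant(headers, { tenantHostPattern, externalReverseProxy = false }) {
  const h = lowerCaseKeys(headers);
  // Assumption: x-custom-host is honoured only in the external reverse proxy flow.
  const custom = externalReverseProxy ? h['x-custom-host'] : undefined;
  const source = custom !== undefined ? 'x-custom-host' : 'host';
  const raw = custom !== undefined ? custom : h['host'];
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, source, reason: 'missing host value' };
  }
  // Accept only a plain host[:port]; anything else never reaches the pattern match.
  if (!/^[A-Za-z0-9.-]+(:\d{1,5})?$/.test(raw)) {
    return { ok: false, source, reason: 'malformed host value' };
  }
  const host = raw.replace(/:\d+$/, '').toLowerCase();
  const match = tenantHostPattern.exec(host);
  if (!match || !match[1]) {
    return { ok: false, source, reason: 'host does not match tenant host pattern' };
  }
  return { ok: true, source, tenant: match[1] };
}

// Constructed sample values (not taken from the page).
const PATTERN = /^([a-z0-9-]+)\.router\.example\.test$/;
const samples = [
  [{ Host: 'proxy.example.test', 'X-Custom-Host': 'tenant-a.router.example.test' }, true],
  [{ Host: 'tenant-b.router.example.test:443' }, true],
  [{ Host: 'tenant-b.router.example.test', 'X-Custom-Host': 'tenant-a.router.example.test' }, false],
  [{ Host: 'proxy.example.test', 'X-Custom-Host': 'tenant-a.router.example.test/x' }, true],
];
for (const [headers, externalReverseProxy] of samples) {
  console.log(resolveTenant(headers, { tenantHostPattern: PATTERN, externalReverseProxy }));
}
```

Because the header value selects the tenant, the external reverse proxy should overwrite any `x-custom-host` value it receives from clients before forwarding the request.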

The `x-approuter-authorization` header contains the JWT token or OpenID Connect (OIDC) access token to support the Service to Application Router scenario.

The application router can receive a JWT token created by the SAP Authorization and Trust Management (xsuaa) service or an OIDC access token created by the Identity Authentication service and use it to access the UI and the data. The JWT token is passed to the application router in the `x-approuter-authorization` header of a request.

The JWT token or the OIDC token is generated with the same XSUAA service instance or the same Identity service instance that is bound to the application router.