docs: add HTTP header and method based authentication task #7990

Merged
zirain merged 4 commits into envoyproxy:main from Aditya7880900936:docs/http-header-method-auth
Feb 4, 2026

@Aditya7880900936
Contributor

Description

This PR adds user documentation for HTTP header and method based authentication.

It describes how to configure authentication rules using SecurityPolicy and
includes examples for:

  • header-based authentication
  • method-based authentication
  • combined header and method matching

Related Issue

Fixes #5452

@Aditya7880900936 Aditya7880900936 requested a review from a team as a code owner January 19, 2026 13:13
@netlify

netlify bot commented Jan 19, 2026

Deploy Preview for cerulean-figolla-1f9435 ready!

Name Link
🔨 Latest commit 84f1eb8
🔍 Latest deploy log https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/6979cabd92e3f20008d46922
😎 Deploy Preview https://deploy-preview-7990--cerulean-figolla-1f9435.netlify.app

@Aditya7880900936
Contributor Author

Friendly ping @zhaohuabing, have a look at this doc PR.

@Aditya7880900936
Contributor Author

Friendly ping @zhaohuabing, I have implemented your suggested changes; please let me know if anything is required.

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>
@zirain zirain force-pushed the docs/http-header-method-auth branch from 4351c2e to 12ece26 Compare January 28, 2026 06:05
@zhaohuabing
Member

zhaohuabing commented Jan 28, 2026

> Friendly ping @zhaohuabing, I have implemented your suggested changes; please let me know if anything is required.

The examples in this PR won't work.

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>
@Aditya7880900936
Contributor Author

Thanks @zhaohuabing for the review.

I’ve updated the documentation to use SecurityPolicy authorization rules and
aligned the examples with the working testdata configuration (principal headers
and operation methods).

Please let me know if this looks good now.

@Aditya7880900936
Contributor Author

Friendly ping @zhaohuabing, I have updated the documentation file as per your suggestion; have a look at this PR.

@zirain zirain merged commit bbd7cde into envoyproxy:main Feb 4, 2026
27 checks passed
cnvergence pushed a commit to cnvergence/gateway that referenced this pull request Feb 5, 2026
…y#7990)

* docs: add HTTP header and method based authentication task

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>

* docs: replace api-key examples with user header

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>

* docs: format header and method authentication examples

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>

* docs: add header and method based authorization examples

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>

---------

Signed-off-by: Aditya7880900936 <adityasanskarsrivastav788@gmail.com>
cnvergence pushed a commit to cnvergence/gateway that referenced this pull request Feb 5, 2026
…y#7990)

* docs: add HTTP header and method based authentication task

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: replace api-key examples with user header

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: format header and method authentication examples

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: add header and method based authorization examples

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

---------

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
cnvergence pushed a commit to cnvergence/gateway that referenced this pull request Feb 5, 2026
cnvergence added a commit that referenced this pull request Feb 5, 2026
* chore(docs): Update Azure Entra link in OIDC guide (#8167)

Update Azure Entra link in OIDC guide

Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix: continue processing the remaining xDS with invalid EnvoyPatchPolicies (#8153)

continue processing the remaining xDS with invalid EnvoyPatchPolicies

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* build(deps): bump the actions group across 1 directory with 2 updates (#8178)

Bumps the actions group with 2 updates in the / directory: [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `docker/login-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@5e57cd1...c94ce9f)

Updates `github/codeql-action` from 4.32.0 to 4.32.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...6bc82e0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: 4.32.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Isaac Wilson <10012479+jukie@users.noreply.github.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* fix: skip provision when IR Infra is invalid (#7754)

* fix: do not trigger IR deletion when EnvoyProxy is invalid

Signed-off-by: zirain <zirain2009@gmail.com>

* add Invalid to ir.Infra

Signed-off-by: zirain <zirain2009@gmail.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

* add e2e

Signed-off-by: zirain <zirain2009@gmail.com>

* remove invalid

Signed-off-by: zirain <zirain2009@gmail.com>

* add comments

Signed-off-by: zirain <zirain2009@gmail.com>

* update

Signed-off-by: zirain <zirain2009@gmail.com>

* merge loop

Signed-off-by: zirain <zirain2009@gmail.com>

* move back

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* docs: add HTTP header and method based authentication task (#7990)

* docs: add HTTP header and method based authentication task

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: replace api-key examples with user header

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: format header and method authentication examples

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

* docs: add header and method based authorization examples

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>

---------

Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* fix: Validation of XListenerSet certificateRefs (#8168)

Previously, validateTerminateModeAndGetTLSSecrets would always use the
namespace of the listener's gateway when verifying a cross-namespace
ref.

This meant that if the listener were from an XListenerSet, whether or
not the Secret associated with the certificateRef was in the same
namespace as the XListenerSet, it would not be permitted.

Additionally, and relatedly, this fixes an issue where an XListenerSet
could reference a Secret in the gateway's namespace without a
ReferenceGrant being present.

With this change we add a new GetNamespace() method to
gatewayapi.ListenerContext which returns the listener's gateway's
namespace for a listener added directly to the gateway, or the
XListenerSet's namespace otherwise. This is similar to some of the other
methods that were added to ListenerContext in support of XListenerSets.

The new method is used when creating the `crossNamespaceFrom` to
determine if the certificateRef is permitted. If the Secret and
XListenerSet are in the same namespace, it is permitted. If that is not
the case a ReferenceGrant from the XListenerSet to the Secret will be
properly searched for.

Signed-off-by: krishicks <kris@krishicks.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* fix: Remove whitespace for nodeSelector in deployment YAML - helm chart change (#8185)

Remove whitespace for nodeSelector in deployment YAML

Signed-off-by: Jess Belliveau <jess.belliveau@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* [release/v1.7.0] release notes (#8188)

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>
Signed-off-by: krishicks <kris@krishicks.com>
Signed-off-by: Jess Belliveau <jess.belliveau@gmail.com>
Co-authored-by: Guy Daich <guy.daich@sap.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Isaac Wilson <10012479+jukie@users.noreply.github.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: Aditya Sanskar Srivastav <161202916+Aditya7880900936@users.noreply.github.com>
Co-authored-by: krishicks <kris@krishicks.com>
Co-authored-by: Jess Belliveau <jess.belliveau@gmail.com>
Inode1 pushed a commit to Inode1/gateway that referenced this pull request Feb 23, 2026

Development

Successfully merging this pull request may close these issues.

docs: user docs for HTTP Headers and Methods based authentication