kayx23 commented on code in PR #12405: URL: https://github.com/apache/apisix/pull/12405#discussion_r2193817055
########## docs/en/latest/plugins/forward-auth.md: ########## @@ -166,6 +167,110 @@ HTTP/1.1 403 Forbidden Location: http://example.com/auth ``` +### Using data from POST body to make decision on Authorization service + +::: note +When the decision is to be made on the basis of POST body, then it is recommended to use `$post_arg.xyz` with `extra_headers` field and make the decision on Authorization service on basis of headers rather than using POST `request_method` to pass the entire request body to Authorization service. Review Comment: ```suggestion When the decision is to be made on the basis of POST body, then it is recommended to use `$post_arg.*` with `extra_headers` field and make the decision on Authorization service on basis of headers rather than using POST `request_method` to pass the entire request body to Authorization service. ``` ########## docs/zh/latest/plugins/forward-auth.md: ########## @@ -168,6 +169,110 @@ HTTP/1.1 403 Forbidden Location: http://example.com/auth ``` +### Using data from POST body to make decision on Authorization service + +::: note +当要根据 POST 正文做出决定时,建议使用带有 extra_headers 字段的 $post_arg.xyz 并根据标头对授权服务做出决定,而不是使用 POST `request_method` 将整个请求正文传递给授权服务。 +::: + +在“/auth”路由上创建一个无服务器函数,用于检查“tenant_id”标头是否存在。如果存在,路由会使用 HTTP 200 进行响应,并将“X-User-ID”标头设置为固定值“i-am-an-user”。如果缺少“tenant_id”,则会返回 HTTP 400 和错误消息。 Review Comment: ```suggestion 在 `/auth` 路由上创建一个无服务器函数,用于检查 `tenant_id` 标头是否存在。如果存在,路由会使用 HTTP 200 进行响应,并将 `X-User-ID` 标头设置为固定值 `i-am-an-user`。如果缺少 `tenant_id`,则会返回 HTTP 400 和错误消息。 ``` ########## docs/zh/latest/plugins/forward-auth.md: ########## @@ -168,6 +169,110 @@ HTTP/1.1 403 Forbidden Location: http://example.com/auth ``` +### Using data from POST body to make decision on Authorization service + +::: note +当要根据 POST 正文做出决定时,建议使用带有 extra_headers 字段的 $post_arg.xyz 并根据标头对授权服务做出决定,而不是使用 POST `request_method` 将整个请求正文传递给授权服务。 Review Comment: ```suggestion 当要根据 POST 正文做出决定时,建议使用带有 `extra_headers` 字段的 `$post_arg.*` 并根据标头对授权服务做出决定,而不是使用 POST `request_method` 将整个请求正文传递给授权服务。 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
