providers/proxy: add setting to intercept authorization header (#4457)

* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/proxyv2/application/utils.go

@@ -1,7 +1,6 @@
 package application
 
 import (
-	"fmt"
 	"net/http"
 	"net/url"
 	"path"
@@ -35,12 +34,11 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		a.log.WithError(err).Warning("failed to decode session")
 	}
-	if r.Header.Get(constants.HeaderNoRedirect) != "" ||
-		r.URL.Query().Get(strings.ToLower(constants.HeaderNoRedirect)) != "" {
+	if r.Header.Get(constants.HeaderAuthorization) != "" && *a.proxyConfig.InterceptHeaderAuth {
 		rw.WriteHeader(401)
 		er := a.errorTemplates.Execute(rw, ErrorPageData{
 			Title:       "Unauthenticated",
-			Message:     fmt.Sprintf("Due to '%s' being set, no redirect is performed.", constants.HeaderNoRedirect),
+			Message:     "Due to 'Receive header authentication' being set, no redirect is performed.",
 			ProxyPrefix: "/outpost.goauthentik.io",
 		})
 		if er != nil {

internal/outpost/proxyv2/constants/constants.go

@@ -8,6 +8,5 @@ const SessionClaims = "claims"
 const SessionRedirect = "redirect"
 
 const HeaderAuthorization = "Authorization"
-const HeaderNoRedirect = "X-Authentik-No-Redirect"
 
 const AuthBearer = "Bearer "