From 4c0b6c71ac2d874910721063bbdb101fec04ac37 Mon Sep 17 00:00:00 2001
From: "Wessel Valkenburg (prevue.ch)"
 <116259817+valkenburg-prevue-ch@users.noreply.github.com>
Date: Tue, 12 Mar 2024 20:10:09 +0100
Subject: [PATCH] Update _envoy_istio.md (#8888)

Added a comment about allowing the http authorization headers to upstream, necessary in an istio meshConfig if there are proxy providers which inject http basic auth headers.

Signed-off-by: Wessel Valkenburg (prevue.ch) <116259817+valkenburg-prevue-ch@users.noreply.github.com>
---
 website/docs/providers/proxy/_envoy_istio.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/docs/providers/proxy/_envoy_istio.md b/website/docs/providers/proxy/_envoy_istio.md
index c72e8f1e3d..4aaf21a036 100644
--- a/website/docs/providers/proxy/_envoy_istio.md
+++ b/website/docs/providers/proxy/_envoy_istio.md
@@ -20,6 +20,9 @@ spec:
                   headersToUpstreamOnAllow:
                       - set-cookie
                       - x-authentik-*
+                      # Add authorization headers to the allow list if you need proxy providers which
+                      # send a custom HTTP-Basic Authentication header based on values from authentik
+                      # - authorization
                   includeRequestHeadersInCheck:
                       - cookie
 ```