-
Hello, I have a downstream service which uses Bearer authentication. requestTransformContext.ProxyRequest.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", myJwtAccessToken); This works great except in one case - if downstream service has UseHttpsRedirection and the yarp cluster destination address is http (not https). In this case the downstream service replies with 307 temporary redirect. Yarp then makes a call to the https endpoint (AllowAutoRedirect is set to true in a call to ConfigureHttpClient), but without the authorization header, and the downstream service responds with 401 unauthorized. Is there a way to instruct yarp to include the authorization header in the redirected request? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Triage: Instead of letting YARP handle redirects from backend, you should set up YARP to initiate https requests to the backend instead of http. |
Beta Was this translation helpful? Give feedback.
Triage: Instead of letting YARP handle redirects from backend, you should set up YARP to initiate https requests to the backend instead of http.
YARP is meant to propagate all redirects from backend to the client.