docs: add HTTP header and method based authentication task#7990
Merged
zirain merged 4 commits intoenvoyproxy:mainfrom Feb 4, 2026
Merged
docs: add HTTP header and method based authentication task#7990zirain merged 4 commits intoenvoyproxy:mainfrom
zirain merged 4 commits intoenvoyproxy:mainfrom
Conversation
✅ Deploy Preview for cerulean-figolla-1f9435 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
zhaohuabing
reviewed
Jan 21, 2026
site/content/en/latest/tasks/security/http-header-method-auth.md
Outdated
Show resolved
Hide resolved
Contributor
Author
|
Friendly Ping @zhaohuabing , Have a Look on this Doc PR |
zhaohuabing
reviewed
Jan 26, 2026
site/content/en/latest/tasks/security/http-header-method-auth.md
Outdated
Show resolved
Hide resolved
Contributor
Author
|
Friendly Ping @zhaohuabing , i have implemented your suggested changes please let me know if anything required |
Signed-off-by: Aditya7880900936 <[email protected]>
Signed-off-by: Aditya7880900936 <[email protected]>
Signed-off-by: Aditya7880900936 <[email protected]>
zirain
force-pushed
the
docs/http-header-method-auth
branch
from
4351c2e to
12ece26
Compare
Member
The examples in this PR won't work. |
Signed-off-by: Aditya7880900936 <[email protected]>
Contributor
Author
|
Thanks @zhaohuabing for the review. I’ve updated the documentation to use Please let me know if this looks good now. |
Contributor
Author
|
Friendly Ping @zhaohuabing , i have updated the documentation file as per your suggestion , Have a look on this PR |
zhaohuabing
approved these changes
Feb 4, 2026
zirain
approved these changes
Feb 4, 2026
cnvergence
pushed a commit
to cnvergence/gateway
that referenced
this pull request
Feb 5, 2026
…y#7990) * docs: add HTTP header and method based authentication task Signed-off-by: Aditya7880900936 <[email protected]> * docs: replace api-key examples with user header Signed-off-by: Aditya7880900936 <[email protected]> * docs: format header and method authentication examples Signed-off-by: Aditya7880900936 <[email protected]> * docs: add header and method based authorization examples Signed-off-by: Aditya7880900936 <[email protected]> --------- Signed-off-by: Aditya7880900936 <[email protected]>
cnvergence
pushed a commit
to cnvergence/gateway
that referenced
this pull request
Feb 5, 2026
…y#7990) * docs: add HTTP header and method based authentication task Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: replace api-key examples with user header Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: format header and method authentication examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: add header and method based authorization examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> --------- Signed-off-by: Aditya Sanskar Srivastav <[email protected]> Signed-off-by: Karol Szwaj <[email protected]>
cnvergence
pushed a commit
to cnvergence/gateway
that referenced
this pull request
Feb 5, 2026
…y#7990) * docs: add HTTP header and method based authentication task Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: replace api-key examples with user header Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: format header and method authentication examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: add header and method based authorization examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> --------- Signed-off-by: Aditya Sanskar Srivastav <[email protected]> Signed-off-by: Karol Szwaj <[email protected]>
cnvergence
added a commit
that referenced
this pull request
Feb 5, 2026
* chore(docs): Update Azure Entra link in OIDC guide (#8167) Update Azure Entra link in OIDC guide Signed-off-by: Guy Daich <[email protected]> * fix: continue processing the remaining xDS with invalid EnvoyPatchPolicies (#8153) continue processing the remaining xDS with invalid EnvoyPatchPolicies Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * build(deps): bump the actions group across 1 directory with 2 updates (#8178) Bumps the actions group with 2 updates in the / directory: [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/login-action` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@5e57cd1...c94ce9f) Updates `github/codeql-action` from 4.32.0 to 4.32.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b20883b...6bc82e0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.32.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Isaac Wilson <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * fix: skip provision when IR Infra is invalid (#7754) * fix: do not trigger IR deletion when EnvoyProxy is invalid Signed-off-by: zirain <[email protected]> * add Invalid to ir.Infra Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> * add e2e Signed-off-by: zirain <[email protected]> * remove invalid Signed-off-by: zirain <[email protected]> * add comments Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> * merge loop Signed-off-by: zirain <[email protected]> * move back Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * docs: add HTTP header and method based authentication task (#7990) * docs: add HTTP header and method based authentication task Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: replace api-key examples with user header Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: format header and method authentication examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> * docs: add header and method based authorization examples Signed-off-by: Aditya Sanskar Srivastav <[email protected]> --------- Signed-off-by: Aditya Sanskar Srivastav <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * fix: Validation of XListenerSet certificateRefs (#8168) Previously, validateTerminateModeAndGetTLSSecrets would always use the namespace of the listener's gateway when verifying a cross-namespace ref. This meant that if the listener were from an XListenerSet, whether or not the Secret associated with the certificateRef was in the same namespace as the XListenerSet, it would not be permitted. Additionally, and relatedly, this fixes an issue where an XListenerSet could reference a Secret in the gateway's namespace without a ReferenceGrant being present. With this change we add a new GetNamespace() method to gatewayapi.ListenerContext which returns the listener's gateway's namespace for a listener added directly to the gateway, or the XListenerSet's namespace otherwise. This is similar to some of the other methods that were added to ListenerContext in support of XListenerSets. The new method is used when creating the `crossNamespaceFrom` to determine if the certificateRef is permitted. If the Secret and XListenerSet are in the same namespace, it is permitted. If that is not the case a ReferenceGrant from the XListenerSet to the Secret will be properly searched for. Signed-off-by: krishicks <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * fix: Remove whitespace for nodeSelector in deployment YAML - helm chart change (#8185) Remove whitespace for nodeSelector in deployment YAML Signed-off-by: Jess Belliveau <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> * [release/v1.7.0] release notes (#8188) Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Aditya Sanskar Srivastav <[email protected]> Signed-off-by: krishicks <[email protected]> Signed-off-by: Jess Belliveau <[email protected]> Co-authored-by: Guy Daich <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Isaac Wilson <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Aditya Sanskar Srivastav <[email protected]> Co-authored-by: krishicks <[email protected]> Co-authored-by: Jess Belliveau <[email protected]>
Inode1
pushed a commit
to Inode1/gateway
that referenced
this pull request
Feb 23, 2026
…y#7990) * docs: add HTTP header and method based authentication task Signed-off-by: Aditya7880900936 <[email protected]> * docs: replace api-key examples with user header Signed-off-by: Aditya7880900936 <[email protected]> * docs: format header and method authentication examples Signed-off-by: Aditya7880900936 <[email protected]> * docs: add header and method based authorization examples Signed-off-by: Aditya7880900936 <[email protected]> --------- Signed-off-by: Aditya7880900936 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds user documentation for HTTP header and method based authentication.
It describes how to configure authentication rules using
SecurityPolicyandincludes examples for:
Related Issue
Fixes #5452