Title: Allow for custom HTTP response codes from RBAC denials
Description:
This feature would allow users to customise the response code returned with an RBAC denial.
Current behaviour ensures that all RBAC denials return a "Forbidden" status code (403).
This default behaviour can and should be preserved. However, there are use cases where the ability to tune this rejection might be desirable.
Specifically for our use case, we want to use the RBAC filter to enforce allowlists for authenticated forward proxy clients. In the event clients are denied, we want to return a "Proxy Authentication Required" status code (407).
We thought it more appropriate to generalise this capability, as there may be other cases where it is desirable. For example, it may be more semantically (or pedantically 😄) correct to return an "Unauthorized" status code (401).
We have provided a PR to implement this feature; any and all feedback is welcome.
Relevant Links: