Commita7646d1

authored

chore: disable authz-header in all builds (#17409)

Header payload being large is causing some issues in dev builds. Anothermethod of opting in needs to be determined

1 parent70b113d commita7646d1Copy full SHA for a7646d1

File tree

-1

lines changed

-1

lines changed

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -464,8 +464,16 @@ func New(options Options) API {`
`464`	`464`	`r:=chi.NewRouter()`
`465`	`465`	`// We add this middleware early, to make sure that authorization checks made`
`466`	`466`	`// by other middleware get recorded.`
	`467`	`+//nolint:revive,staticcheck // This block will be re-enabled, not going to remove it`
`467`	`468`	`ifbuildinfo.IsDev() {`
`468`		`-r.Use(httpmw.RecordAuthzChecks)`
	`469`	`+// TODO: Find another solution to opt into these checks.`
	`470`	+// If the header grows too large, it breaks `fetch()` requests.
	`471`	`+// Temporarily disabling this until we can find a better solution.`
	`472`	+// One idea is to include checking the request for `X-Authz-Record=true`
	`473`	`+// header. To opt in on a per-request basis.`
	`474`	`+// Some authz calls (like filtering lists) might be able to be`
	`475`	`+// summarized better to condense the header payload.`
	`476`	`+// r.Use(httpmw.RecordAuthzChecks)`
`469`	`477`	`}`
`470`	`478`
`471`	`479`	`ctx,cancel:=context.WithCancel(context.Background())`

Comments

(0)