Preflight checklist
Ory Network Project
No response
Describe your problem
The remote authorizer currently forwards only Content-Type and Authorization from the inbound request. Use cases like HMAC/signature preflight verification need additional original-request headers (e.g.X-Signature, X-Timestamp, signing nonces) to reach the verifier service.
Describe your ideal solution
Add an optional forward_request_headers_to_remote: []string config field on the remote authorizer. When set, the listed headers are copied from the inbound request to the outbound request to the remote endpoint.
This mirrors the existing forward_response_headers_to_upstream field but in the request direction. Default behavior is unchanged when omitted.
Workarounds or alternatives
Allowing headers templates access to a .Request field, but the dedicated allowlist field seemed simplest and most consistent with the existing API.
Version
v26.2.0
Additional Context
No response
Preflight checklist
Ory Network Project
No response
Describe your problem
The
remoteauthorizer currently forwards onlyContent-TypeandAuthorizationfrom the inbound request. Use cases like HMAC/signature preflight verification need additional original-request headers (e.g.X-Signature,X-Timestamp, signing nonces) to reach the verifier service.Describe your ideal solution
Add an optional
forward_request_headers_to_remote: []stringconfig field on theremoteauthorizer. When set, the listed headers are copied from the inbound request to the outbound request to the remote endpoint.This mirrors the existing
forward_response_headers_to_upstreamfield but in the request direction. Default behavior is unchanged when omitted.Workarounds or alternatives
Allowing
headerstemplates access to a.Requestfield, but the dedicated allowlist field seemed simplest and most consistent with the existing API.Version
v26.2.0
Additional Context
No response