From 9506a1a7d5f5bdc8368163857d01b359a8043f4b Mon Sep 17 00:00:00 2001 From: Saman Mahdanian <46444723+SamMHD@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:27:41 +0330 Subject: [PATCH] Update changelogs/unreleased/6661-SamMHD-minor.md Co-authored-by: Tero Saarni --- changelogs/unreleased/6661-SamMHD-minor.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/changelogs/unreleased/6661-SamMHD-minor.md b/changelogs/unreleased/6661-SamMHD-minor.md index 9a6330a74e9..c1d2fd05f7a 100644 --- a/changelogs/unreleased/6661-SamMHD-minor.md +++ b/changelogs/unreleased/6661-SamMHD-minor.md @@ -4,6 +4,7 @@ Global external authorization can now be disabled by default and enabled by over This is achieved by setting the `globalExtAuth.authPolicy.disabled` in the configuration file or `ContourConfiguration` CRD to `true`, and setting the `authPolicy.disabled` to `false` in the vhost and route level auth policies. The final authorization state is determined by the most specific policy applied at the route level. -## Disable External Authorization in UpgradeHTTPS +## Disable External Authorization in HTTPS Upgrade -From now on, Contour will configure Envoy to handle HTTPS Redirection without authorization on routes. (previously if GlobalExtAuth was set, Envoy would check request with ext_auth before redirection which could result in 401 instead of redirection) +When external authorization is enabled, no authorization check will be performed for HTTP to HTTPS redirection. +Previously, external authorization was checked before redirection, which could result in a 401 Unauthorized error instead of a 301 Moved Permanently status code.
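Review bot: The added sentence under "## Disable External Authorization in HTTPS Upgrade" drops the scope that the removed line carried ("if GlobalExtAuth was set"), so a reader cannot tell whether the skipped check applies only to global external authorization or also to authorization configured at the vhost level. Suggest naming that scope and adding one sentence on whether the follow-up HTTPS request is still subject to the authorization check, so an operator reading the changelog can confirm that only the 301 response itself is served without a check. A smaller style point in the same lines: "HTTP to HTTPS redirection" reads more clearly hyphenated as "HTTP-to-HTTPS redirection", and the unchanged context line above ("setting the `globalExtAuth.authPolicy.disabled` in the configuration file") is missing a noun such as "field" after the backticked name.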