[GH-ISSUE #357] forward authorization headers from client request to origin server request #757

Closed
opened 2026-03-15 15:18:02 +03:00 by kerem · 3 comments

Originally created by @lorello on GitHub (Sep 21, 2023).
Original GitHub issue: https://github.com/flyimg/flyimg/issues/357

Hi guys,
we are using flyimg in a sort of ticket system. Users can add screenshots or photos to their tickets. These files are private, and to access them we need to supply a Bearer token to the original image server. We'd like to use flyimg to serve smaller previews of these attachments, but currently flyimg doesn't pass the original authorization request headers to the origin server that hosts the attachments. Is this an interesting feature that we could add? If yes, we could send a PR.

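We could add an option like [extra_header_options](https://github.com/flyimg/flyimg/blob/c387c62b77591b7da1e2465a3f4eb1c8d78e9e7a/config/parameters.yml#L40), which could be `original_headers_whitelist`, that lists all the headers from the client request that must be forwarded to the origin request.

This option should be used in the [saveToTemporaryFile](https://github.com/flyimg/flyimg/blob/c387c62b77591b7da1e2465a3f4eb1c8d78e9e7a/src/Core/Entity/Image/InputImage.php#L82) method.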

What do you think?


@sadok-f commented on GitHub (Sep 21, 2023):

Hi @lorello ,

Thank you for opening up this issue!
It's a great idea, would be great if you could submit a PR!
Maybe the option would be a bool variable called `forward_request_headers`, defaulting to false; when it is set to true, it forwards all client headers to the origin image URL.


@lorello commented on GitHub (Sep 22, 2023):

hi @sadok-f

> Thank you for opening up this issue! It's a great idea, would be great if you could submit a PR!

As you can see, my colleague @lrealdi has already implemented it and we are testing it in our QA environment.

> maybe the option would be a bool variable, called `forward_request_headers` default to false and when it is set to true it forwards all client headers to the origin image url.

We cannot pass all the headers from client to origin: if we forward the `Host:` header, the call obviously fails :-(
For this reason we opted for an array of headers.
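
The allowlist approach discussed in this thread, sketched in PHP as an added example; it is not part of the thread and not flyimg's own code. The function name, the `NEVER_FORWARD` list and the sample headers are assumptions; `original_headers_whitelist` is the option name proposed in the issue.

```php
<?php
declare(strict_types=1);

// Headers never copied to the origin request, even if configured: Host would
// name the proxy instead of the origin, and the rest describe the client
// connection or body rather than the origin fetch.
const NEVER_FORWARD = ['host', 'connection', 'content-length', 'transfer-encoding',
    'keep-alive', 'upgrade', 'te', 'trailer', 'proxy-authorization'];

/**
 * Hypothetical helper: returns the "Name: value" lines to forward.
 *
 * @param array<string,string> $clientHeaders header name => value from the client request
 * @param string[] $allowlist value of the proposed original_headers_whitelist option
 * @return string[]
 */
function selectForwardedHeaders(array $clientHeaders, array $allowlist): array
{
    // Header names are case-insensitive, so compare in lower case.
    $allowed = array_diff(array_map('strtolower', $allowlist), NEVER_FORWARD);
    $lines = [];
    foreach ($clientHeaders as $name => $value) {
        if (!in_array(strtolower((string) $name), $allowed, true)) {
            continue; // not allowlisted: dropped by default
        }
        // Refuse CR/LF so a crafted value cannot add extra header lines.
        if (preg_match('/[\r\n]/', $name . $value)) {
            continue;
        }
        $lines[] = $name . ': ' . $value;
    }
    return $lines;
}

// Constructed sample client request headers.
$client = [
    'Host' => 'flyimg.example.test',
    'Authorization' => 'Bearer constructed-token',
    'Cookie' => 'session=constructed',
    'X-Trace' => "abc\r\nX-Injected: 1",
];
// Only Authorization survives: Host is always excluded, Cookie is not
// listed, and the X-Trace value contains a line break.
$forward = selectForwardedHeaders($client, ['authorization', 'Host', 'X-Trace']);

// The header list in the form PHP's HTTP stream wrapper accepts.
$context = stream_context_create(['http' => ['header' => $forward]]);
print_r($forward);
```

Because the allowlisted headers can carry credentials, this belongs alongside a restriction on which origin hosts the service may fetch from.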


@sadok-f commented on GitHub (Sep 22, 2023):

Sorry @lorello, I didn't get it in the first comment.
Now I got it, yes, what you propose makes sense.
Please have a look at the PR's failed pipeline; there are a couple of small warnings regarding code listing and complexity.
It would be great if you could add one unit test, if possible.
Thank you!
