Score:1

Server

Nginx - Reverse proxy - add request header to each request

kevin

11/11/22, 4:17 PM

I have nginx as a reverse proxy. I am trying to add a request header for each request, so i tried:

location / {
 proxy_pass some.host.com;
 proxy_set_header MY_HEADER somename;
}

But the header is not added to the request (At least i don't see it in the F12 debugger tool - Request Headers or in Postman).

I have a client, and i want to display there an iframe of dashboard from another app. i need to send to that app request header with my username to pass the autentication. so i thought about a reverse proxy where the iframe point to the reverse proxy and the proxy add the request header and.

Any ideas how can i attach the request header to each reqeust?

711

0 + 20

nginx

reverse-proxy

http-headers

Michael Hampton

11/11/22, 4:21 PM

You already added the request header!

kevin

11/11/22, 4:27 PM

@MichaelHampton i know, but it doesn't add it, i don't see it in the developer tools in Request Headers.

Michael Hampton

11/11/22, 4:52 PM

Why would you see it there? That's in your browser!

kevin

11/11/22, 4:53 PM

@MichaelHampton i am making the request to a client. there is a client that requires a header for authentication, so i pass every request through the reverse proxy and add the header there. and then i should be able to put iframes from the site in my app

Michael Hampton

11/11/22, 4:56 PM

OK, but that still won't show up in your browser.

kevin

11/11/22, 4:57 PM

@MichaelHampton so how would i know if the header is added? also why do i see some other request headers there like host and more...

Michael Hampton

11/11/22, 4:58 PM

You had nginx add the header. That is far beyond your browser. If you want to know whether it was added, you'll have to check the application that you passed it to.

kevin

11/11/22, 5:00 PM

@MichaelHampton but if i add response header (with add_header) i see it in the browser, i dont understand why i can't see the request header?

Michael Hampton

11/11/22, 5:02 PM

You can't see the request header in the browser because it was never there! This is pretty obvious stuff.

kevin

11/11/22, 5:04 PM

@MichaelHampton why is it not there then? that's what im saying in the question, i don't understand why it isn't there?

Michael Hampton

11/11/22, 5:05 PM

You didn't add the request header in your browser, you added it on the server! It is a request header. It would never be sent back, because it's not a response header.

kevin

11/11/22, 5:08 PM

i understand now, so do you have any idea how should i approach this? i need the header for authentication

Michael Hampton

11/11/22, 5:10 PM

You have said very little about what you're actually doing, so I couldn't begin to guess. I would suggest you start over from the beginning and explain your real problem.

kevin

11/11/22, 5:15 PM

I have a client, and i want to display there an iframe of dashboard from another app called spotfire. now there is a way to pass the authentication in the app if i add an header with the specified username (https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-0E4154FC-97AE-43D4-8EBF-A9BD9380D83C.html). so i thought i would make the src of the iframe point to the reverse proxy and there it will add the header and pass the request to spotfire and i would pass the authentication. but as you said i can't add there request headers in the reverse proxy.

kevin

11/11/22, 5:20 PM

@MichaelHampton the last comment was too long to at you. also, as they say in the link i sent: Header: Enter the name of the HTTP request header that contains the name of the authenticated user

Tero Kilkanen

11/11/22, 7:11 PM

Please add relevant details to the question itself, not as a comment. Also, Michael never said that you cannot add request headers in the reverse proxy. You can add the request headers there, but you only see the added request headers in your application. They are never visible to your browser.

kevin

11/11/22, 7:41 PM

@TeroKilkanen so did i send the request headers right? beacuse i didn't pass the authentication of the website with the header, so if guessed it didn't work. btw does that mean that if the website i'm sending the request to isn't mine there is no way for me to know if the request headers are there? also i edited the question

Tero Kilkanen

11/11/22, 8:10 PM

Yes, the directive adds headers to the proxied request. And yes, the headers are only visible in the request from the reverse proxy server to the final destination. If you can inspect the request on the proxy server, then you can see the real outgoing headers. How to actually inspect it is a separate topic.

kevin

11/11/22, 9:37 PM

how can i inspect it? and another question, do you know if redirect (301/302) removes the request headers?

kevin

11/12/22, 5:23 AM

@TeroKilkanen forgot to add you in the comment above

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Nginx - Reverse proxy - add request header to each request

TH: Nginx - Reverse proxy - เพิ่มส่วนหัวคำขอในแต่ละคำขอ

RO: Nginx - Reverse Proxy - adăugați antetul cererii la fiecare cerere

RU: Nginx — обратный прокси — добавлять заголовок запроса к каждому запросу

VI: Nginx - Reverse proxy - thêm tiêu đề yêu cầu cho mỗi yêu cầu

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.