v26.2.0

Improved handling of forwarded headers

This release includes improvements to the handling of forwarded headers in Ory Oathkeeper. The change ensures that when the configuration serve.proxy.trust_forwarded_headers is disabled, all X-Forwarded* and the standard Forwarded headers are removed before processing and forwarding the request. Previously, only the X-Forwarded, X-Forwarded-Host, and X-Forwarded-Proto headers were removed. If the downstream service relies on any of the X-Forwarded* headers, it is recommended to enable the serve.proxy.trust_forwarded_headers configuration option to ensure proper handling of forwarded headers.

v26.2.0​

Improved handling of forwarded headers​

Ory Network

v26.2.0

Improved handling of forwarded headers