@nilune nilune commented Jul 15, 2025

Issue with Kerberos authentication in HTTP requests. Specifically, the issue occurred when the SPN (Service Principal Name) was being retrieved and the Host header in the HTTP request was being set to the final resolved host name from the URL.

This causes problems when working with proxies that must authenticate the client and then redirect clients. It is not clear why this was done in the original code. Without setting this header, everything starts working.

Example

service1.example.com -> proxy.example.com -> <target server>

In this case, the proxy service uses a single account with all SPNs for all services after it (e.g., HTTP/service1.example.com and HTTP/proxy.example.com). Therefore, everything works when the client retrieves any SPN. However, the Host header in the request was also changed, which caused the proxy to not understand which service to redirect the request to.
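The failure described in this comment, modelled as an added example that is not part of the pull request or the project's code. The DNS alias table, the proxy's route table, the backend name, the status codes and the function names are all assumptions made for illustration; "resolved host name" is assumed to mean the canonical name the URL's host resolves to.

```python
from urllib.parse import urlsplit

# Constructed DNS data: service1 resolves to the proxy's canonical name.
CANONICAL = {"service1.example.com": "proxy.example.com"}

# Constructed proxy state: one account holding every SPN, plus Host-based routes.
PROXY_SPNS = {"HTTP/service1.example.com", "HTTP/proxy.example.com"}
PROXY_ROUTES = {"service1.example.com": "backend-1"}


def build_request(url, rewrite_host):
    """Return (spn, headers) for a Kerberos-authenticated request.

    rewrite_host=True models the old behaviour (Host set to the resolved
    name); rewrite_host=False leaves Host as the name taken from the URL.
    """
    host = urlsplit(url).hostname
    resolved = CANONICAL.get(host, host)
    spn = f"HTTP/{resolved}"  # SPN built from the resolved name
    headers = {
        "Host": resolved if rewrite_host else host,
        "Authorization": "Negotiate <token>",  # placeholder, no real ticket
    }
    return spn, headers


def proxy_handle(spn, headers):
    """Authenticate against the proxy's SPNs, then route on the Host header."""
    if spn not in PROXY_SPNS:
        return 401, None  # ticket issued for an SPN the account does not hold
    backend = PROXY_ROUTES.get(headers["Host"])
    if backend is None:
        return 404, None  # authenticated, but Host names no known service
    return 200, backend


if __name__ == "__main__":
    url = "http://service1.example.com/api"
    for rewrite in (True, False):
        spn, headers = build_request(url, rewrite_host=rewrite)
        print(rewrite, spn, headers["Host"], proxy_handle(spn, headers))
```

In both runs authentication succeeds because the proxy account holds either SPN; only the Host value decides whether the request can be routed.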
