Open
Description
It turns out nginx ingress' external authentication tacks on an unexpected extra _external-auth-xxxx path to the subrequest sent to the auth-url. 9bf59d8 handles it, but ignores an encoded string at its end.
This string seems to be the auth-url itself, encoded:
My initial guess (I haven't found any documentation regarding it) would be that this is a way to check that the subrequest is indeed coming from the ingress and not from somewhere else. If so, validating it against the domain assigned to the service in k8s would be an extra layer of security.