Pass Tailscale identity headers to destination service #136
Labels
enhancement
New feature or request
Milestone
Comments
|
As a further thought about making tsdproxy "Tailscale user aware" it would be useful to display the user's authenticated Tailscale user-name and/or user-login on the tsdproxy dashboard (in much the same way as many web properties show a user's informatrion top-right). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
Tailscale Serve passes the identity headers so that the destination service can see the Tailscale user making the request.
https://tailscale.com/kb/1312/serve#identity-headers
It would be very useful if tsdproxy added and passed on the Tailscale-User-Login, Tailscale-User-Name and Tailscale-User-Profile-Pic headers.
To prevent identity spoofing I would suggest that any incoming requests are stripped of these headers before being passed to the destination service.
Describe alternatives you've considered
Return to using tailscale serve instead of tsdproxy.
Additional context
None.
The text was updated successfully, but these errors were encountered: