From 875afe24344977fe3edcd868b3c19968c9307e07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Sat, 15 Nov 2025 20:56:55 +0100
Subject: [PATCH] fix: remove authRequestHeaders to allow Cookie header
 forwarding
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed explicit authRequestHeaders configuration. By default, Traefik
forwards all headers including Cookie to the ForwardAuth endpoint.
Explicitly setting authRequestHeaders was preventing the session
cookie from being forwarded to Authelia.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 net/compose.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/compose.yaml b/net/compose.yaml
index 946e56f..a86b72a 100644
--- a/net/compose.yaml
+++ b/net/compose.yaml
@@ -297,7 +297,6 @@ services:
       # ForwardAuth middleware for other services
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/authz/forward-auth'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.trustForwardHeader=true'
-      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authRequestHeaders=X-Forwarded-Method,X-Forwarded-Proto,X-Forwarded-Host,X-Forwarded-Uri,X-Forwarded-For'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeadersRegex=^Remote-'
       # Watchtower