Skip to content

Support adding Authorization HTTP headers through the `RUSTUP_AUTHO… #4672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
amejia1 wants to merge 16 commits into
base: main
Choose a base branch
from
Draft

Support adding Authorization HTTP headers through the `RUSTUP_AUTHO… #4672

amejia1 wants to merge 16 commits into from

Conversation

@amejia1
Copy link

@amejia1 amejia1 commented Jan 7, 2026

…RIZATION_HEADER` environment variable.

This partially addresses #1343 by supporting reverse proxies which require authentication that function as mirrors to https://static.rust-lang.org .

@amejia1
Support adding Authorization HTTP headers through the `RUSTUP_AUTHO…
0195b4d 
…RIZATION_HEADER` environment variable.

This partially addresses rust-lang#1343 by supporting reverse proxies
which require authentication that function as mirrors to https://static.rust-lang.org .
@amejia1 amejia1 mentioned this pull request Jan 7, 2026
Open
@djc
Copy link
Contributor

djc commented Jan 7, 2026

If this is about a reverse proxy I don't think the complexity of doing this is worth it. Instead, it seems like the main issue is that we might leak credentials in logging when using RUSTUP_DIST_SERVER, which can be remedied more directly. We should also not unlink #1343 from this, because that issue seems to be about a forward proxy, not a reverse proxy.

@amejia1
Copy link
Author

amejia1 commented Jan 7, 2026

If this is about a reverse proxy I don't think the complexity of doing this is worth it. Instead, it seems like the main issue is that we might leak credentials in logging when using RUSTUP_DIST_SERVER, which can be remedied more directly. We should also not unlink #1343 from this, because that issue seems to be about a forward proxy, not a reverse proxy.

This change would also support token based authentication through the Bearer scheme. I had those in mind when I thought to implement these changes. Here are some examples of what I mean https://api.goauthentik.io/authentication/

@amejia1 amejia1 marked this pull request as draft January 8, 2026 03:55
@amejia1
Copy link
Author

amejia1 commented Jan 8, 2026

I have converted this PR to a draft. I need to investigate ways to start a forward proxy which requires authentication.

@djc
Copy link
Contributor

djc commented Jan 11, 2026

I don't think we're going to want a Ferron proxy setup in our source tree.

@amejia1
Copy link
Author

amejia1 commented Jan 13, 2026

I just noticed your last comment. I had this in draft mode and thought that would disable notifications. I am working on a good and simple way to test the changes and thought to use containers. Is use of containers for testing fine? If no, what should I do for tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@amejia1 @djc