From 134befe72f843c52503ddd556f9db74dbff4d898 Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Sat, 14 Mar 2026 12:40:38 +0200
Subject: [PATCH] fix: get envoy host from the gin request

---
 internal/controller/proxy_controller.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go
index 9f5bbe4..7d650be 100644
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -339,6 +339,8 @@ func (controller *ProxyController) getForwardAuthContext(c *gin.Context) (ProxyC
 		return ProxyContext{}, errors.New("x-forwarded-proto not found")
 	}
 
+	// Normally we should only allow GET for forward auth but since it's a fallback
+	// for envoy we should allow everything, not a big deal
 	method := c.Request.Method
 
 	return ProxyContext{
@@ -378,17 +380,15 @@ func (controller *ProxyController) getAuthRequestContext(c *gin.Context) (ProxyC
 }
 
 func (controller *ProxyController) getExtAuthzContext(c *gin.Context) (ProxyContext, error) {
+	// We hope for the someone to set the x-forwarded-proto header
 	proto, ok := controller.getHeader(c, "x-forwarded-proto")
 
 	if !ok {
 		return ProxyContext{}, errors.New("x-forwarded-proto not found")
 	}
 
-	host, ok := controller.getHeader(c, "host")
-
-	if !ok {
-		return ProxyContext{}, errors.New("host not found")
-	}
+	// It sets the host to the original host, not the forwarded host
+	host := c.Request.URL.Host
 
 	// We get the path from the query string
 	path := c.Query("path")