From f64afce83d44dc6250f3c6dce43f1a8eb1af685b Mon Sep 17 00:00:00 2001
From: pushpinderbal <me@s1ngh.ca>
Date: Wed, 17 Dec 2025 18:56:26 -0500
Subject: [PATCH] feat: add support for 'envoy' proxy in proxyHandler
 validation

---
 internal/controller/proxy_controller.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go
index 2b6738a..9e6da89 100644
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -40,6 +40,9 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a
 func (controller *ProxyController) SetupRoutes() {
 	proxyGroup := controller.router.Group("/auth")
 	proxyGroup.GET("/:proxy", controller.proxyHandler)
+	// envoy uses the original request method for ext_authz
+	// https://github.com/envoyproxy/envoy/issues/5357
+	proxyGroup.Any("/envoy", controller.proxyHandler)
 }
 
 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -55,7 +58,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
+	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" && req.Proxy != "envoy" {
 		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
 		c.JSON(400, gin.H{
 			"status":  400,