[1.5.0-beta.1]Downstream microservice does not seems to be secured on Public patterns

[pkolodziejczyk]

Modification of behaviour from 1.4.22 to 1.5.0

The behaviour on Public patterns URL and now require token when "Otoroshi exchange protocol" is active.

Resulting :

Otoroshi Error

Downstream microservice does not seems to be secured. Cancelling request ! 

Just to validated the new expected otoroshi configuration.

If we don't want validation for Public patterns URL :
In the section "Otoroshi exchange protocol" we add all "Public patterns URL" in the "Excluded patterns" part.

That right ?

[mathieuancelin]

I don't think there is a different behavior from 1.4.22, the default is no otoroshi protocol enabled. So you just have to disable it back. if you want to have it enabled on private routes, just add the public routes in exclusion of the otoroshi protocol. But that's not the purpose of the protocol, the idea is to enforce some kind of priviledged communication between otoroshi and the backend

[mathieuancelin]

@pkolodziejczyk the otoroshi protocol can be quite handy when using public URLs for service backend so you can only be called by otoroshi. If you are inside your container orchestrator, it's not mandatory i guess

[pkolodziejczyk]

Thanks for the information.