diff --git a/packages/automl/frontend/config/webpack.dev.js b/packages/automl/frontend/config/webpack.dev.js index 6dacbc8066..ed179d377a 100644 --- a/packages/automl/frontend/config/webpack.dev.js +++ b/packages/automl/frontend/config/webpack.dev.js @@ -88,7 +88,19 @@ module.exports = smp.wrap( context: ['/api', '/automl/api'], target: `${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}`, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], devMiddleware: { diff --git a/packages/autorag/frontend/config/webpack.dev.js b/packages/autorag/frontend/config/webpack.dev.js index aefedb79c9..ea1483fd95 100644 --- a/packages/autorag/frontend/config/webpack.dev.js +++ b/packages/autorag/frontend/config/webpack.dev.js @@ -92,7 +92,19 @@ module.exports = smp.wrap( port: PROXY_PORT, }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], devMiddleware: { diff --git a/packages/eval-hub/frontend/config/webpack.dev.js b/packages/eval-hub/frontend/config/webpack.dev.js index f97ae27fdf..7c58257905 100644 --- a/packages/eval-hub/frontend/config/webpack.dev.js +++ b/packages/eval-hub/frontend/config/webpack.dev.js @@ -93,7 +93,19 @@ module.exports = smp.wrap( port: PROXY_PORT, }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, { context: ['/mlflow'], @@ -103,7 +115,19 @@ module.exports = smp.wrap( port: MLFLOW_PROXY_PORT, }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], devMiddleware: { diff --git a/packages/gen-ai/frontend/config/webpack.dev.js b/packages/gen-ai/frontend/config/webpack.dev.js index fc2604fd33..3e5fdb65cb 100644 --- a/packages/gen-ai/frontend/config/webpack.dev.js +++ b/packages/gen-ai/frontend/config/webpack.dev.js @@ -82,7 +82,19 @@ module.exports = merge( protocol: PROXY_PROTOCOL, }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], }, diff --git a/packages/maas/frontend/config/webpack.dev.js b/packages/maas/frontend/config/webpack.dev.js index c0ddcf4b2e..951a56700f 100644 --- a/packages/maas/frontend/config/webpack.dev.js +++ b/packages/maas/frontend/config/webpack.dev.js @@ -91,7 +91,19 @@ module.exports = smp.wrap( port: PROXY_PORT, }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], devMiddleware: { diff --git a/packages/mlflow/frontend/config/webpack.dev.js b/packages/mlflow/frontend/config/webpack.dev.js index e2f84fb938..fe778006b4 100644 --- a/packages/mlflow/frontend/config/webpack.dev.js +++ b/packages/mlflow/frontend/config/webpack.dev.js @@ -87,7 +87,19 @@ module.exports = smp.wrap( }, pathRewrite: { '^/_bff/mlflow/api': '/api' }, changeOrigin: true, - headers: getProxyHeaders(), + onProxyReq: (proxyReq, req) => { + const upstreamAuth = req.headers.authorization; + if (upstreamAuth && AUTH_METHOD === 'user_token') { + // Federated mode: forward the upstream token (may be impersonated) as x-forwarded-access-token + const token = upstreamAuth.replace(/^Bearer\s+/i, ''); + proxyReq.setHeader('x-forwarded-access-token', token); + } else { + const headers = getProxyHeaders(); + Object.entries(headers).forEach(([key, value]) => { + proxyReq.setHeader(key, value); + }); + } + }, }, ], devMiddleware: {