Use absolute realm URL in WWW-Authenticate and add service_name

OCI clients (podman, docker) require an absolute URL in the
WWW-Authenticate realm. Derive it from the request Host header
so it works behind any proxy. Add service_name to rift config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 22:41:36 -07:00
parent 7f673e8ef0
commit fa35899443
4 changed files with 9 additions and 4 deletions

@@ -55,7 +55,7 @@ func TestRoutesV2Unauthenticated(t *testing.T) {
}
wwwAuth := rec.Header().Get("WWW-Authenticate")
want := `Bearer realm="/v2/token",service="mcr-test"`
want := `Bearer realm="https://example.com/v2/token",service="mcr-test"`
if wwwAuth != want {
t.Fatalf("WWW-Authenticate: got %q, want %q", wwwAuth, want)
}
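Review bot: the updated `want` in TestRoutesV2Unauthenticated pins a single host (example.com) and a fixed `https` scheme, but the commit message says the realm is derived from the request Host header, which is client-supplied and carries no scheme. Because a client sends its credentials to whatever realm URL it is handed, consider adding cases for a Host with a port and for a Host the deployment does not expect, asserting that the latter falls back to a configured base URL or is rejected. It would also help for the test to show where `https` comes from (for example a request made without TLS), so that a plain-HTTP or proxied setup does not silently advertise the wrong scheme.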