While trying to set-up apache as the Reverse Proxy, I see that I get incorrect location in the Response Headers ( Location is sent as "/" whereas it should be "backend/auth/api/token" )
I have set up my apache server as follows (relevant section pasted). What am I doing wrong here?
ProxyPreserveHost On ProxyPass /auth/ https://backend:8443/auth/ ProxyPass /api/ https://backend:8443/endpoint/api/ ProxyPass /legacy/api/ https://backend:8443/endpoint/legacy/api/ ProxyPassReverse /auth/ https://backend:8443/auth/ ProxyPassReverse /api/ https://backend:8443/endpoint/api/ ProxyPassReverse /endpoint/api/ https://backend:8443/endpoint/api/ ProxyPassReverse /endpoint/legacy/api/ https://backend:8443/endpoint/legacy/api/ ProxyPassReverse /legacy/api https://backend:8443/endpoint/legacy/api RequestHeader set Host frontend ProxyPassReverseCookieDomain backend frontend ProxyPassReverseCookiePath https://frontend:8443 https://backend:8443 RequestHeader set X-Forwarded-Proto: "https" Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly" Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure" Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Headers "Authorization" Header always set Access-Control-Allow-Methods "GET" Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location" Header always set Access-Control-Max-Age "600" Header always set Strict-Transport-Security "max-age=63072000;" Header set X-Content-Type-Options "nosniff" Header always append X-Frame-Options "SAMEORIGIN" I am on CentOS.
