Merge remote-tracking branch 'origin/master' into feat-settings-ui

# Conflicts: # web/package.json # web/pnpm-lock.yaml
2023-04-21 21:32:32 +10:00 · 2023-04-21 21:32:32 +10:00 · 873749a28f
parent 79973414e4 72ab2e690e
commit 873749a28f
22 changed files with 380 additions and 289 deletions
--- a/api/openapi.yml
+++ b/api/openapi.yml
@ -155,7 +155,7 @@ paths:
          example: '{{ $.Domain | default "example.com" }}'
          schema:
            type: string
-        - name: X-Forwarded-Uri
+        - name: X-Forwarded-URI
          in: header
          description: Redirection URL (URI)
          required: false
@ -1540,7 +1540,7 @@ components:
      schema:
        type: string
    forwardedURIParam:
-      name: X-Forwarded-Uri
+      name: X-Forwarded-URI
      in: header
      description: Redirection URL (URI)
      required: true
--- a/docs/content/en/integration/proxies/caddy.md
+++ b/docs/content/en/integration/proxies/caddy.md
@ -230,7 +230,7 @@ nextcloud.example.com {
                rewrite "/api/authz/forward-auth?authelia_url=https://auth.example.com/"
                header_up X-Forwarded-Method {method}
-                header_up X-Forwarded-Uri {uri}
+                header_up X-Forwarded-URI {uri}
                ## If the auth request:
                ##   1. Responds with a status code IN the 200-299 range.
--- a/docs/content/en/integration/proxies/introduction.md
+++ b/docs/content/en/integration/proxies/introduction.md
@ -28,6 +28,29 @@ bootstrapping *Authelia*.
 See [support](support.md) for support information.
 ### Required Headers
 __Authelia__ itself requires the following headers are set when secured behind a reverse proxy:
 * Scheme Detection:
  * Default: [X-Forwarded-Proto] (header)
  * Fallback: TLS (listening socket state)
 * Host Detection:
  * Default: [X-Forwarded-Host] (header)
  * Fallback: [Host] (header)
 * Path Detection:
  * Default: X-Forwarded-URI (header)
  * Fallback: [Start Line] Request Target (start line)
 * Remote IP:
  * Default: [X-Forwarded-For]
  * Fallback: TCP source IP
 [Host]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
 [Start Line]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages#start_line
 [X-Forwarded-For]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
 [X-Forwarded-Proto]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
 [X-Forwarded-Host]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
 ## Integration Implementation
 Authelia is capable of being integrated into many proxies due to the decisions regarding the implementation. We handle
@ -41,12 +64,14 @@ your reverse proxy. The headers we rely on at the authz endpoints are as follows
 * [X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto)
 * [X-Forwarded-Host](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host)
-* X-Forwarded-Uri
+* X-Forwarded-URI
 * [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)
 * X-Forwarded-Method / X-Original-Method
 * X-Original-URL
-The specifics however are dictated by the specific [Authorization Implementation](../../reference/guides/proxy-authorization.md) used.
+The specifics however are dictated by the specific
 [Authorization Implementation](../../reference/guides/proxy-authorization.md) used. Please refer to the specific
 implementation you're using.
 ### User Identification
--- a/docs/content/en/integration/proxies/nginx.md
+++ b/docs/content/en/integration/proxies/nginx.md
@ -350,7 +350,7 @@ use cases.
 The following is an example `proxy.conf`. The important directives include the `real_ip` directives which you should read
 [Trusted Proxies](#trusted-proxies) section to understand, or set the `X-Forwarded-Proto`, `X-Forwarded-Host`,
-`X-Forwarded-Uri`, and `X-Forwarded-For` headers.
+`X-Forwarded-URI`, and `X-Forwarded-For` headers.
 ##### Standard Variant
@ -363,7 +363,7 @@ proxy_set_header Host $host;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Host $http_host;
-proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Forwarded-URI $request_uri;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Real-IP $remote_addr;
@ -408,7 +408,7 @@ proxy_set_header Host $host;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Host $http_host;
-proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Forwarded-URI $request_uri;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-For $remote_addr;
 ```
@ -539,7 +539,7 @@ location /internal/authelia/authz/basic {
    proxy_set_header X-Forwarded-Method $request_method;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header X-Forwarded-URI $request_uri;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Content-Length "";
    proxy_set_header Connection "";
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
  -o, --organization strings            certificate organization (default [Authelia])
      --organizational-unit strings     certificate organizational unit
      --path.ca string                  source directory of the certificate authority files, if not provided the certificate will be self-signed
      --pkcs8                           force PKCS #8 ASN.1 format
  -p, --postcode strings                certificate postcode
      --province strings                certificate province
      --sans strings                    subject alternative names
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
      --not-before string             earliest date and time the certificate is considered valid in various formats (default is now)
  -o, --organization strings          certificate organization (default [Authelia])
      --organizational-unit strings   certificate organizational unit
      --pkcs8                         force PKCS #8 ASN.1 format
  -p, --postcode strings              certificate postcode
      --province strings              certificate province
      --sans strings                  subject alternative names
--- a/go.mod
+++ b/go.mod
@ -34,7 +34,7 @@ require (
 	github.com/ory/fosite v0.44.0
 	github.com/ory/herodot v0.10.2
 	github.com/ory/x v0.0.553
-	github.com/otiai10/copy v1.10.0
+	github.com/otiai10/copy v1.11.0
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.15.0
--- a/go.sum
+++ b/go.sum
@ -329,8 +329,8 @@ github.com/ory/herodot v0.10.2 h1:gGvNMHgAwWzdP/eo+roSiT5CGssygHSjDU7MSQNlJ4E=
 github.com/ory/herodot v0.10.2/go.mod h1:MMNmY6MG1uB6fnXYFaHoqdV23DTWctlPsmRCeq/2+wc=
 github.com/ory/x v0.0.553 h1:dRSEcbfpJYOl+yk55LTiLUXq2JslaeVaTp6CzHQW5Kw=
 github.com/ory/x v0.0.553/go.mod h1:oRVemI3SQQOLvOCJWIRinHQKlgmay/NbwSyRUIsS/Yk=
-github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
+github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
-github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
--- a/internal/commands/crypto.go
+++ b/internal/commands/crypto.go
@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
 // CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
 func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
 	var (
-		privateKey any
+		template                *x509.CertificateRequest
 		privateKey              any
 		csr                     []byte
 		privateKeyPath, csrPath string
 		pkcs8                   bool
 	)
 	if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
 		return err
 	}
-	var (
+	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
-		template                *x509.CertificateRequest
+		return err
-		csr                     []byte
+	}
 		privateKeyPath, csrPath string
 	)
 	if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
 		return err
@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
 		return fmt.Errorf("failed to create certificate request: %w", err)
 	}
-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}
@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 	var (
 		template, caCertificate, parent       *x509.Certificate
 		publicKey, caPrivateKey, signatureKey any
 		pkcs8                                 bool
 	)
 	if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
 		return err
 	}
 	if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
 		return fmt.Errorf("failed to obtain public key from private key")
 	}
@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 		return fmt.Errorf("failed to create certificate: %w", err)
 	}
-	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+	if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 		return err
 	}
--- a/internal/commands/crypto_helper.go
+++ b/internal/commands/crypto_helper.go
@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
 func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
 	cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
 	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 }
 func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
 	cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 	cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
 	cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
 }
--- a/internal/handlers/const_test.go
+++ b/internal/handlers/const_test.go
@ -21,7 +21,7 @@ var (
 const (
 	testXOriginalMethod = "X-Original-Method"
-	testXOriginalUrl    = "X-Original-Url"
+	testXOriginalUrl    = "X-Original-URL"
 	testBypass          = "bypass"
 	testWithoutAccept   = "WithoutAccept"
 	testWithXHRHeader   = "WithXHRHeader"
--- a/internal/handlers/handler_authz_impl_forwardauth_test.go
+++ b/internal/handlers/handler_authz_impl_forwardauth_test.go
@ -240,7 +240,7 @@ func (s *ForwardAuthAuthzSuite) TestShouldHandleMissingHostDeny() {
 			mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 			mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 			mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
-			mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/")
+			mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
 			mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 			authz.Handler(mock.Ctx)
@ -395,7 +395,7 @@ func (s *ForwardAuthAuthzSuite) TestShouldHandleInvalidURLForCVE202132637() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedProto), tc.scheme)
 					mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedHost), tc.host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", tc.path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", tc.path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -560,7 +560,7 @@ func setRequestForwardAuth(ctx *middlewares.AutheliaCtx, method string, targetUR
 	if targetURI != nil {
 		ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 		ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-		ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+		ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 	}
 	setRequestXHRValues(ctx, accept, xhr)
--- a/internal/handlers/handler_authz_impl_legacy_test.go
+++ b/internal/handlers/handler_authz_impl_legacy_test.go
@ -60,7 +60,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsDeny() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -108,7 +108,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsOverrideAutheliaURLDeny() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -151,7 +151,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsMissingAutheliaURLBypassSta
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -183,7 +183,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsMissingAutheliaURLOneFactor
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -213,7 +213,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsRDAutheliaURLOneFactorStatu
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					mock.Ctx.Request.SetRequestURI("/api/verify?rd=https%3A%2F%2Fauth.example.com")
@ -263,7 +263,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsXHRDeny() {
 							mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 							mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, pairURI.TargetURI.Scheme)
 							mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, pairURI.TargetURI.Host)
-							mock.Ctx.Request.Header.Set("X-Forwarded-Uri", pairURI.TargetURI.Path)
+							mock.Ctx.Request.Header.Set("X-Forwarded-URI", pairURI.TargetURI.Path)
 							if x {
 								mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
@ -311,7 +311,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleInvalidMethodCharsDeny() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -338,7 +338,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleMissingHostDeny() {
 			mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 			mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 			mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
-			mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/")
+			mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
 			mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 			authz.Handler(mock.Ctx)
@ -370,7 +370,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsAllow() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -454,7 +454,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleAllMethodsAllowXHR() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, targetURI.Scheme)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, targetURI.Host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", targetURI.Path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", targetURI.Path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
@ -613,7 +613,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleInvalidURLForCVE202132637() {
 					mock.Ctx.Request.Header.Set("X-Forwarded-Method", method)
 					mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedProto), tc.scheme)
 					mock.Ctx.Request.Header.SetBytesKV([]byte(fasthttp.HeaderXForwardedHost), tc.host)
-					mock.Ctx.Request.Header.Set("X-Forwarded-Uri", tc.path)
+					mock.Ctx.Request.Header.Set("X-Forwarded-URI", tc.path)
 					mock.Ctx.Request.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf-8")
 					authz.Handler(mock.Ctx)
--- a/internal/middlewares/authelia_context.go
+++ b/internal/middlewares/authelia_context.go
@ -177,7 +177,7 @@ func (ctx *AutheliaCtx) GetXForwardedHost() (host []byte) {
 	return host
 }
-// XForwardedURI returns the content of the X-Forwarded-Uri header.
+// XForwardedURI returns the content of the X-Forwarded-URI header.
 func (ctx *AutheliaCtx) XForwardedURI() (host []byte) {
 	return ctx.Request.Header.PeekBytes(headerXForwardedURI)
 }
--- a/internal/server/template_test.go
+++ b/internal/server/template_test.go
@ -71,7 +71,7 @@ func TestShouldTemplateOpenAPI(t *testing.T) {
 	mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 	mock.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
-	mock.Ctx.Request.Header.Set("X-Forwarded-Uri", "/api/openapi.yml")
+	mock.Ctx.Request.Header.Set("X-Forwarded-URI", "/api/openapi.yml")
 	handler(mock.Ctx)
--- a/internal/suites/example/compose/envoy/docker-compose.yml
+++ b/internal/suites/example/compose/envoy/docker-compose.yml
@ -2,7 +2,7 @@
 version: '3'
 services:
  envoy:
-    image: envoyproxy/envoy:v1.25.5
+    image: envoyproxy/envoy:v1.26.0
    volumes:
      - ./example/compose/envoy/envoy.yaml:/etc/envoy/envoy.yaml
      - ./common/pki:/pki
--- a/web/package.json
+++ b/web/package.json
@ -23,14 +23,14 @@
    "@fortawesome/free-solid-svg-icons": "6.4.0",
    "@fortawesome/react-fontawesome": "0.2.0",
    "@mui/icons-material": "5.11.16",
-    "@mui/material": "5.12.0",
+    "@mui/material": "5.12.1",
    "@mui/styles": "5.12.0",
    "@simplewebauthn/browser": "7.2.0",
    "@simplewebauthn/typescript-types": "7.0.0",
-    "axios": "1.3.5",
+    "axios": "1.3.6",
    "broadcast-channel": "5.0.3",
    "classnames": "2.3.2",
-    "i18next": "22.4.14",
+    "i18next": "22.4.15",
    "i18next-browser-languagedetector": "7.0.1",
    "i18next-http-backend": "2.2.0",
    "qrcode.react": "3.1.0",
@ -77,16 +77,16 @@
    "@limegrass/eslint-plugin-import-alias": "1.0.6",
    "@testing-library/jest-dom": "5.16.5",
    "@testing-library/react": "14.0.0",
-    "@types/node": "18.15.11",
+    "@types/node": "18.15.13",
-    "@types/react": "18.0.35",
+    "@types/react": "18.0.37",
    "@types/react-dom": "18.0.11",
    "@types/testing-library__jest-dom": "5.14.5",
    "@types/zxcvbn": "4.4.1",
-    "@typescript-eslint/eslint-plugin": "5.58.0",
+    "@typescript-eslint/eslint-plugin": "5.59.0",
-    "@typescript-eslint/parser": "5.58.0",
+    "@typescript-eslint/parser": "5.59.0",
-    "@vitejs/plugin-react": "3.1.0",
+    "@vitejs/plugin-react": "4.0.0",
    "@vitest/coverage-istanbul": "0.30.1",
-    "esbuild": "0.17.16",
+    "esbuild": "0.17.17",
    "eslint": "8.38.0",
    "eslint-config-prettier": "8.8.0",
    "eslint-config-react-app": "7.0.1",
@ -97,12 +97,12 @@
    "eslint-plugin-prettier": "4.2.1",
    "eslint-plugin-react": "7.32.2",
    "eslint-plugin-react-hooks": "4.6.0",
-    "happy-dom": "9.7.1",
+    "happy-dom": "9.8.4",
    "husky": "8.0.3",
    "prettier": "2.8.7",
    "react-test-renderer": "18.2.0",
    "typescript": "5.0.4",
-    "vite": "4.2.1",
+    "vite": "4.3.1",
    "vite-plugin-eslint": "1.8.1",
    "vite-plugin-istanbul": "4.0.1",
    "vite-plugin-svgr": "2.4.0",
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml