From 8e8c69101e8775cfb5b1610f6614b4ea16a47af7 Mon Sep 17 00:00:00 2001 From: Marco van Zijl Date: Sun, 17 May 2026 11:29:48 +0200 Subject: [PATCH] Restrict OAuth2 Proxy trusted forwarded headers --- apps/litellm/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/litellm/values.yaml b/apps/litellm/values.yaml index 61bb121..dd41f96 100644 --- a/apps/litellm/values.yaml +++ b/apps/litellm/values.yaml @@ -169,11 +169,12 @@ oauth2-proxy: - "*" configFile: |- provider = "oidc" - oidc_issuer_url = "https://sso.noxxos.nl/application/o/litellm/" + oidc_issuer_url = "https://sso.noxxos.nl/application/o/litellm" redirect_url = "https://litellm.noxxos.nl/oauth2/callback" upstreams = [ "http://litellm:4000" ] email_domains = [ "*" ] reverse_proxy = true + trusted_ips = [ "10.244.0.0/16" ] pass_authorization_header = true pass_access_token = true set_xauthrequest = true