You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/proposals/authentication-filter.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -970,9 +970,9 @@ Only a single `AuthenticationFilter` may be referened in a single rule.
970
970
971
971
The `Status` the HTTPRoute/GRPCRoute in this scenario should be set to `Invalid`, and the resource should be `Rejected`
972
972
973
-
This behavour falls in line with the expected behaviour of filters in the Gateway API, which generally allows only one type of a specific filter (authentication, rewriting, etc.) within a rule.
973
+
This behaviour falls in line with the expected behaviour of filters in the Gateway API, which generally allows only one type of a specific filter (authentication, rewriting, etc.) within a rule.
974
974
975
-
Below is an eample of an **invalid** HTTPRoute that references multiple `AuthenticationFilter` resources in a single rule
975
+
Below is an example of an **invalid** HTTPRoute that references multiple `AuthenticationFilter` resources in a single rule
976
976
977
977
```yaml
978
978
apiVersion: gateway.networking.k8s.io/v1
@@ -1008,20 +1008,20 @@ spec:
1008
1008
## Testing
1009
1009
1010
1010
- Unit tests
1011
-
- Functional tests to validate behavioural scenarios when referncing filters in different combinations. The details of these tests are out of scope for this document.
1011
+
- Functional tests to validate behavioural scenarios when referencing filters in different combinations. The details of these tests are out of scope for this document.
1012
1012
1013
1013
## Security Considerations
1014
1014
1015
1015
### Basic Auth and Local JWKS
1016
1016
1017
1017
Basic Auth sends credentials in an Authorization header that is base64-encoded.
1018
-
JWT Auth requires users to provided a bearer token through the Authroization header.
1018
+
JWT Auth requires users to provide a bearer token through the Authorization header.
1019
1019
1020
1020
Both of these methods can be easily intercepted over HTTP.
1021
1021
1022
-
Users that attach an `AuthenticaitonFilter` to a HTTPRoute/GRPCRoute should be advised to enable HTTPS traffic at the Gateway level for the routes.
1022
+
Users that attach an `AuthenticationFilter` to an HTTPRoute/GRPCRoute should be advised to enable HTTPS traffic at the Gateway level for the routes.
1023
1023
1024
-
Any exmaple configurations and deployments for the `AuthenticationFilter` should enable HTTPS at the Gateway level by default.
1024
+
Any example configurations and deployments for the `AuthenticationFilter` should enable HTTPS at the Gateway level by default.
1025
1025
1026
1026
### Namespace isolataion and cross-namespace references
1027
1027
Both Auth and Local JWKS should only have access to Secrets and ConfigMaps in the same namespace by default.
@@ -1107,7 +1107,7 @@ spec:
1107
1107
1108
1108
### Remote JWKS
1109
1109
1110
-
Proxy cache TTL should be configurable and set to a resonable default, reducing periods of stale cached JWKs.
1110
+
Proxy cache TTL should be configurable and set to a reasonable default, reducing periods of stale cached JWKs.
0 commit comments