From d574d1edaefa0f033990664a335d49481adae016 Mon Sep 17 00:00:00 2001 From: Biniam Bekele Date: Sat, 12 Jul 2025 17:13:34 -0400 Subject: [PATCH] Use X-Forwarded-Groups instead of -Role in example (#19121) X-Forwarded-For is not among the list of allowlisted headers, so using it in an example may lead others astray. See this discussion: https://github.com/blakeblackshear/frigate/discussions/19120 --- docs/docs/configuration/authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/configuration/authentication.md b/docs/docs/configuration/authentication.md index 97fcb3721..bf878d6bd 100644 --- a/docs/docs/configuration/authentication.md +++ b/docs/docs/configuration/authentication.md @@ -112,7 +112,7 @@ python3 -c 'import secrets; print(secrets.token_hex(64))' ### Header mapping -If you have disabled Frigate's authentication and your proxy supports passing a header with authenticated usernames and/or roles, you can use the `header_map` config to specify the header name so it is passed to Frigate. For example, the following will map the `X-Forwarded-User` and `X-Forwarded-Role` values. Header names are not case sensitive. Multiple values can be included in the role header. Frigate expects that the character separating the roles is a comma, but this can be specified using the `separator` config entry. +If you have disabled Frigate's authentication and your proxy supports passing a header with authenticated usernames and/or roles, you can use the `header_map` config to specify the header name so it is passed to Frigate. For example, the following will map the `X-Forwarded-User` and `X-Forwarded-Groups` values. Header names are not case sensitive. Multiple values can be included in the role header. Frigate expects that the character separating the roles is a comma, but this can be specified using the `separator` config entry. ```yaml proxy: @@ -120,7 +120,7 @@ proxy: separator: "|" # This value defaults to a comma, but Authentik uses a pipe, for example. header_map: user: x-forwarded-user - role: x-forwarded-role + role: x-forwarded-groups ``` Frigate supports both `admin` and `viewer` roles (see below). When using port `8971`, Frigate validates these headers and subsequent requests use the headers `remote-user` and `remote-role` for authorization.