I am having two issues with proxy authentication in opensearch-dashboards. I have been following the instructions here: OpenSearch Dashboards Proxy Authentication. I have a proxy (Spring Gateway) that is adding the following headers: x-forwarded-for, x-proxy-user, x-proxy-roles. If I configure the requestHeadersAllowlist to include x-forwarded-for, proxy authentication in os dashboards doesn't work at all. I just get 401s and opensearch has a statement saying "XFF not done". If I remove x-forwarded-for, proxy authentication works well.
Except, and here is my issue, when I go to Dev Tools / Console and submit a request, I get prompted for a username / password. Not sure why the behavior of Discover is different from Dev Tools / Console or how to fix it. I have put a gateway between OS-Dashboards and OS to log the provided headers and in none of the cases is x-forwarded-for passed, even when the OS log states that XFF was resolved.
UPDATE
Interestingly, if I update everything to use a custom header (ap-forwarded-for) instead of x-forwarded-for everything seems to work.