zitadel/internal/api
Max Peintner 4c879b4733 fix(login): Centralize host header resolution and forward headers to APIs
This PR refactors the host resolution logic to establish a single source of truth for determining the instance and public hosts from request headers. It also ensures that headers are properly forwarded to APIs for multi-tenant routing.

Centralized Host Resolution (host.ts)
Created dedicated functions in `src/lib/server/host.ts` to handle host resolution:

1. `getInstanceHost(headers)`: Returns the instance host used for API routing
Priority: x-zitadel-instance-host → x-forwarded-host → host
Used for determining which ZITADEL instance to route API calls to

2. `getPublicHost(headers)`: Returns the public-facing host that users see
Priority: x-forwarded-host → host (explicitly excludes x-zitadel-instance-host)
Used for generating user-facing URLs (password reset links, etc.)

Additionally, on logout / end_session the parameters are passed as a JWT to safely pass the state between the API and the login UI V2.

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

(cherry picked from commit df75be96ff)
2025-12-08 10:15:19 +01:00
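The two priority orders described in the commit message above, as an added TypeScript sketch. It is not the code from `src/lib/server/host.ts`; `HeaderBag`, `firstPresent`, the function signatures and the sample host names are assumptions made for illustration.

```typescript
// Added sketch, not the ZITADEL implementation.
// HeaderBag and firstPresent are hypothetical names.
type HeaderBag = Record<string, string | string[] | undefined>;

// Return the first non-empty value among `names`, matching header
// names case-insensitively and taking the first value of a repeated header.
function firstPresent(headers: HeaderBag, names: string[]): string | null {
  const lower: HeaderBag = {};
  for (const key of Object.keys(headers)) {
    lower[key.toLowerCase()] = headers[key];
  }
  for (const name of names) {
    const raw = lower[name];
    const value = (Array.isArray(raw) ? raw[0] : raw)?.trim();
    if (value) return value;
  }
  return null;
}

// Instance host, used for API routing:
// x-zitadel-instance-host -> x-forwarded-host -> host
function getInstanceHost(headers: HeaderBag): string | null {
  return firstPresent(headers, [
    "x-zitadel-instance-host",
    "x-forwarded-host",
    "host",
  ]);
}

// Public host, used for user-facing URLs:
// x-forwarded-host -> host (x-zitadel-instance-host is never consulted)
function getPublicHost(headers: HeaderBag): string | null {
  return firstPresent(headers, ["x-forwarded-host", "host"]);
}

// Constructed sample request: a proxy in front of the login UI sets
// both forwarding headers.
const sample: HeaderBag = {
  "Host": "login-internal:3000",
  "X-Forwarded-Host": "login.example.com",
  "X-Zitadel-Instance-Host": "tenant-a.zitadel.internal",
};

console.log(getInstanceHost(sample), getPublicHost(sample));
```

With the sample headers the instance host and the public host differ, which is the case the separate `getPublicHost` function exists for: the internal routing name never ends up in a link sent to a user.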