Sec-websocket-protocol header not passing to ext auth sever

Hi team,

Thank you in advance for your support.

Sec-websocket-protocol header not passing to ext auth sever and we are getting 403 issues.

Istio version - 1.10.6
AKS - 1.21

Kindly guide me to resolve the issue.

Header value is being shown as null at ext-auth-server pod logs, please help.

Regards,
Kalyan

@YangminZhu, Kindly suggest on this request.

have you defined extension provider in your mesh config ? ref : Istio / External Authorization

Yeah, this has been deployed. Kindly suggest Sec-Websocket-Protocol should be in lower case. Below has been defined.

extensionProviders:
- envoyExtAuthzHttp:
    headersToUpstreamOnAllow:
    - authorization
    - x-auth-role
    - x-projectid
    includeHeadersInCheck:
    - authorization
    - Sec-WebSocket-Protocol
    - x-projectid
    port: "8000"
    service: ext-authz-server-service.default.svc.cluster.local
  name: ext-authz-http