From e348075be1cf366abe7bd78b1376d35d873058d1 Mon Sep 17 00:00:00 2001
From: Aayush Sharma <aayusharma1401@gmail.com>
Date: Tue, 14 Mar 2023 01:29:23 +0530
Subject: [PATCH] Added headersToDownstreamOnAllow example in ext authz task
 page (#12791)

* Added headersToDownstreamOnAllow example in ext authz task page

Added headersToDownstreamOnAllow to https://istio.io/latest/docs/tasks/security/authorization/authz-custom/#define-the-external-authorizer.

* Update index.md

* updated snips.sh

* made suggested changes

* make scripts fix
---
 .../en/docs/tasks/security/authorization/authz-custom/index.md   | 1 +
 .../en/docs/tasks/security/authorization/authz-custom/snips.sh   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/content/en/docs/tasks/security/authorization/authz-custom/index.md b/content/en/docs/tasks/security/authorization/authz-custom/index.md
index bc863b54a3..0c02278de6 100644
--- a/content/en/docs/tasks/security/authorization/authz-custom/index.md
+++ b/content/en/docs/tasks/security/authorization/authz-custom/index.md
@@ -143,6 +143,7 @@ allows requests with the header `x-ext-authz: allow`.
             port: "4180" # The default port used by oauth2-proxy.
             includeRequestHeadersInCheck: ["authorization", "cookie"] # headers sent to the oauth2-proxy in the check request.
             headersToUpstreamOnAllow: ["authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"] # headers sent to backend application when request is allowed.
+            headersToDownstreamOnAllow: ["content-type", "set-cookie"] # headers sent back to the client when request is allowed.
             headersToDownstreamOnDeny: ["content-type", "set-cookie"] # headers sent back to the client when request is denied.
     {{< /text >}}
 
diff --git a/content/en/docs/tasks/security/authorization/authz-custom/snips.sh b/content/en/docs/tasks/security/authorization/authz-custom/snips.sh
index 3583977a0c..de7f68c548 100644
--- a/content/en/docs/tasks/security/authorization/authz-custom/snips.sh
+++ b/content/en/docs/tasks/security/authorization/authz-custom/snips.sh
@@ -100,6 +100,7 @@ data:
         port: "4180" # The default port used by oauth2-proxy.
         includeRequestHeadersInCheck: ["authorization", "cookie"] # headers sent to the oauth2-proxy in the check request.
         headersToUpstreamOnAllow: ["authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"] # headers sent to backend application when request is allowed.
+        headersToDownstreamOnAllow: ["content-type", "set-cookie"] # headers sent back to the client when request is allowed.
         headersToDownstreamOnDeny: ["content-type", "set-cookie"] # headers sent back to the client when request is denied.
 ENDSNIP