v.25.3Improvement

Add the ability to define a list

Published: November 25, 2025

Add the ability to define a list of headers that are forwarded from the headers of the client request to the external HTTP authenticator. #77054 (inv2004).

Add support for forwarding a configurable list of client request headers to external HTTP authenticators in ClickHouse.

Why it matters

This feature enables ClickHouse to pass specific headers from the client's HTTP request to external HTTP authentication services, allowing these authenticators to use additional context or credentials embedded in the headers for more flexible and secure authentication workflows.

How to use it

Users can configure a list of headers to forward by specifying them in the ClickHouse settings for external HTTP authenticators. When an HTTP request is authenticated, the specified headers from the original client request will be included in the request sent to the external authenticator.

Related resources

Pull Request #77054