1
46%
main: 46%

Ran 22 Apr 2026 08:37PM UTC

Files 697

Run time 20s

Badge

Embed ▾

Committed 22 Apr 2026 08:22PM UTC coverage: 45.753% (+0.07%) from 45.684%

Job # 24800708842.1

Build Type

push

github

Committed by

web-flow

Commit Message

pomerium/authorize: disable redirect when session passed in header or query string (#6289)

## Summary
During authorization an invalid session (expired, invalid or doesn't
exist) will result in a redirect to the authenticate service. However
sometimes this redirect should not happen: for gRPC/gRPC-web calls, json
requests, MCP requests, etc...

Add two more cases for when we should prevent the redirect:

- If the pomerium session/service account is found as an HTTP header
- If the pomerium session/service account is found as an HTTP request
URL query string parameter

In these cases initiating an interactive login doesn't make sense
because headers/query string parameters indicates that the user isn't
using cookies for authentication.

## Related issues
-
[ENG-3156](https://linear.app/pomerium/issue/ENG-3156/core-invalid-or-missing-service-accounts-should-result-in-forbidden)


## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [ ] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review

Coverage Stats

35644 of 77906 relevant lines covered (45.75%)

115.54 hits per line

pomerium / pomerium / 24800708842 / 1
46%
main: 46%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 24800708842.1

pomerium / pomerium / 24800708842 / 1 46% main: 46%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 24800708842.1

pomerium / pomerium / 24800708842 / 1
46%
main: 46%

README BADGES
x