feat: Add support for X-Forwarded-Proto header

[christian-roggia]

Related issue

#153 @aeneasr @Entrio

Proposed changes

Add basic support for the header X-Forwarded-Proto which is normally set by an edge proxy like Ambassador, Istio, Traefik, Envoy, etc.

The proposed changes affect only the decision API as it is expected to be contacted by another proxy which will take care of SSL termination in most cases. It is important to notice that even if traffic reaching oathkeeper is plain HTTP, it does not mean that the traffic is not encrypted in transit. A good example is service mesh where Envoy or similar technologies (e.g. Linkerd) will secure traffic in transit through sidecars and mTLS.

Checklist

• I have read the contributing guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further comments

The changes proposed here have been tested in our development environment and they work like a charm for both proper rules matching and redirection URLs.

[Entrio]

Awesome! Are you sure it was as simple as just that one line? @aeneasr comments?

[aeneasr]

Nice, LGTM!