[Bug]: Incomplete source of request urls for skip_auth_routes feature

[sja]

OAuth2-Proxy Version

7.6.0

Provider

oidc

Expected Behaviour

In my kubernetes/nginx-ingress setup oauth2-proxy is used as auth-url endpoint. The nginx config forwards proxy headers to the oauth2-proxy:

proxy_set_header X-Forwarded-For        $remote_addr;
proxy_set_header X-Forwarded-Host       $best_http_host;
proxy_set_header X-Forwarded-Port       $pass_port;
proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
proxy_set_header X-Forwarded-Scheme     $pass_access_scheme;

And as of the --reverse-proxy option, that should be sufficient:

X-Forwarded-{Proto,Host,Uri}

Current Behaviour

The information on that endpoint to compare against the to be skipped expressions is just the X-Forwarded-Uri header.
See isAllowedPath in oauthproxy.go:578 and GetRequestURI in util.go:38.
As an effect, oauth2-proxy cannot check if the request URL given in X-Forwarded-* has a match in the skip-auth regexes.

Steps To Reproduce

1. Parametrise oauth2-proxy with params --reverse-proxy --skip-auth-regex '.well-known/home$'
2. curl localhost/.well-known/home <-- not passing through, redirected to identity provider

Possible Solutions

At least give a more explicit hint in the docs or use the common proxy headers and build the requesting URL from them.

nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Uri $request_uri;

Configuration details or additional information

No response