[API] Strengthen request authentication and proxy trust validation

## Summary
Request authentication middleware and proxy trust configuration need hardening to ensure proper identity verification.

## Tasks
- [ ] Add robust null/format checks in authentication middleware
- [ ] Configure proxy trust validation to only accept known proxies
- [ ] Remove TODO placeholder in trust proxy configuration

## Impact
Could allow requests to bypass authentication or spoof client identity.

## Details
Full details in internal audit document. Finding IDs: SEC-API-01, SEC-API-04

---
## Related Issues (Security Hardening Pattern)
- #412 — [Infrastructure] Tighten RBAC & DaemonSet security
- #413 — [Infrastructure] Network policies & Vault scoping
- #409 — [Connector] Improve offline match authentication
- #372 — [API] Strengthen request authentication

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[API] Strengthen request authentication and proxy trust validation #372

Summary

Tasks

Impact

Details

Related Issues (Security Hardening Pattern)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[API] Strengthen request authentication and proxy trust validation #372

Description

Summary

Tasks

Impact

Details

Related Issues (Security Hardening Pattern)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions