Keerthan Ekbote

The client has tried to passthrough the `:path` header by using the following http passthrough configuration: ```yaml allowedHeaders: - ":path" ``` however, ext-auth-service returns back 403s, when he does this....

> Source code isn't obtainable from debug symbols, but a skilled programmer could rewrite an application's logic given the debug symbols and a lot of time. https://stackoverflow.com/questions/5532415/obtain-source-using-debugging-symbols#:~:text=The%20easy%20answer%20is%20No%2C%20you%20can't.

@mattfarina Could we get a review on this?

Looks like the error is being caused by this function returning `nil` when the content response type is not application/json: https://github.com/solo-io/solo-projects/blob/main/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/translate_oas.go#L390-L407 It may be worth getting the openapi from the...

For the record, I believe this does not propose any security challenges (e.g. RBAC bypass) because this won't work in cluster when trying to install [istio with the operator](https://istio.io/latest/docs/setup/install/operator/#install-istio-with-the-operator). Seems...

/retest

i've gotten pulled off onto something else, hope to get back to this but for now won't be working on this.