Related feature request here: #4890
tl;dr: I suggest creating two sets of header settings for remote schema. One that is only used when inspecting the remote schema and another that would be used on every request (these are the ones that exist).
Current State
In my use case I want to put one hasura instance behind another as a remote schema.
Right now that's meant me setting up additional headers like this, otherwise the remote schema isn't fully visible.
Shortcoming
The best I can tell, this works, but results in the authentication being completely bypassed on the remote service. I'm concerned this creates an unnecessary risk vector.
If I'm misunderstanding something, I'd love to know.
Proposal
From what I can tell, forwarding the Authorization header is more than sufficient for normal operations and the only time the x-hasura-admin-secret and x-hasura-role headers are actually needed is during the remote schema reload/inspection. In that vein I'd like to request that a separate set of headers just for that function are used while they're not sent on every request.