From 0027ff2665828a70024613d77e85bafb316a789f Mon Sep 17 00:00:00 2001
From: Jason Joo <hblzxsj@gmail.com>
Date: Mon, 6 Oct 2025 15:21:29 +0800
Subject: [PATCH] fix: set proper host header before proxying the request

Signed-off-by: Jason Joo <hblzxsj@gmail.com>
---
 internal/ansible/proxy/proxy.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/internal/ansible/proxy/proxy.go b/internal/ansible/proxy/proxy.go
index 4b0a2b2..658abf2 100644
--- a/internal/ansible/proxy/proxy.go
+++ b/internal/ansible/proxy/proxy.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"strings"
 	"sync"
 	"time"
@@ -144,6 +145,8 @@ func Run(done chan error, o Options) error {
 
 	// Remove the authorization header so the proxy can correctly inject the header.
 	server.Handler = removeAuthorizationHeader(server.Handler)
+	// Set the host header so that it matches the host in kubeconfig.
+	server.Handler = setHostHeader(server.Handler, o.KubeConfig)
 
 	if o.OwnerInjection {
 		server.Handler = &injectOwnerReferenceHandler{
@@ -283,6 +286,23 @@ func removeAuthorizationHeader(h http.Handler) http.Handler {
 	})
 }
 
+func setHostHeader(next http.Handler, kubeConfig *rest.Config) http.Handler {
+	host := kubeConfig.Host
+	if host == "" {
+		return next
+	}
+
+	// If host is a URL, extract the host portion
+	if u, err := url.ParseRequestURI(host); err == nil {
+		host = u.Host
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		req.Header.Set("Host", host)
+		req.Host = host
+		next.ServeHTTP(w, req)
+	})
+}
+
 // Helper function used by recovering dependent watches and owner ref injection.
 func getRequestOwnerRef(req *http.Request) (*kubeconfig.NamespacedOwnerReference, error) {
 	owner := kubeconfig.NamespacedOwnerReference{}