Hello, our kratos is setup in an environment with an identity access proxy to access the service. This proxy checks for an Authorization header, which is not removed afterwards. Most public kratos api calls work fine, such as /sessions/whoami (with Session in cookie), but /self-service/logout fails. If i call the same path without Authorization header, everything works fine again. So in our requests, both Authorization and Cookie header are present, but only the Cookie header should be considered by kratos
tldr; depending on the API call, kratos seems to prioritise different headers to check for a session,
or the logout is checking them all? Although in the code i could not immediately find a reference to this. It was pretty confusing to figure this out 😄 Right now I am using another solution to get around this problem but what is the intention with this in Kratos, or is this a bug?