CheckJWT should use net/http.Request.Clone

[josharian]

CheckJWT makes a shallow copy of the inbound request near the end of the function in order to set a new context.

In the context of reverse proxies, this can cause trouble. See golang/go#20068 and golang/go#23544.

The preferred way to modify the context of an inbound request is net/http.Request.Clone.

[sergiught]

We just released the v2.0.0-beta 🥳 !

You can start testing it by running go get github.com/auth0/go-jwt-middleware/v2@v2.0.0-beta.

In case of issues fetching the v2 you might want to try go clean --modcache first before doing go get.

I'm closing this issue as now this is part of v2, but feel free to reopen if needed.