Initial checklist

• I understand this is a bug report and questions should be posted in the Community Forum
• I searched issues and couldn’t find anything (or linked relevant results below)

Link to runnable example

No response

Steps to reproduce

• Set up a companion with the Dropbox provider.
• Use Drobpox to list and then upload a file.
• The request from the server to the upload endpoint is not authenticated.

The code running here:

results in request where all cookies or other headers are not forwarded e.g.

{
  req: {
    host: 'example.com',
    'x-real-ip': '172.77.0.4',
    'x-forwarded-for': '172.77.0.4',
    'x-forwarded-host': 'example.com',
    'x-forwarded-proto': 'https',
    'x-forwarded-ssl': 'on',
    'x-forwarded-port': '443',
    'x-original-uri': '/media/upload/posts',
    'transfer-encoding': 'chunked',
    'user-agent': 'got (https://github.com/sindresorhus/got)',
    'content-type': 'multipart/form-data; boundary=form-data-boundary-n828qkckles32nlu',
    'accept-encoding': 'gzip, deflate, br'
  },
  cookies: [Object: null prototype] {},
  path: '/media/upload/posts',
  method: 'POST'
}

Expected behavior

Hard to tell, but either it's possible to pass in a secret that gets injected as a header so we can validate it or enable another way of authenticating the endpoint instead of having it open.

Actual behavior

The request from the server to the upload endpoint is not authenticated.

I'm happy to contribute a fix if you let me know which direction you would like to go.