@Alahdal Thank you for the help here! I can confirm that the fix in my case was exactly what you mentioned and @JustinG confirmed.
RequestHeader set Authorization ""
needs to be replaced with (note that you no longer need the "" at the end)
RequestHeader unset Authorization
My current working config is as follows.
<VirtualHost *:444>
    ServerName xyz.example.com
    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    ProxyPreserveHost on
    ProxyPass / http://10.0.0.1:8080/
    ProxyPassReverse / http://10.0.0.1:8080/
    Header set Set-Cookie "X-OPENHAB-AUTH-HEADER=1"
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    RequestHeader unset Authorization
    <Location />
        AuthType Basic
        AuthName "xyz.example.com 444 "
        AuthUserFile /etc/apache2/.passwd
        Require valid-user
        Allow from 10.0.0.0/255.255.255.0
    </Location>
</VirtualHost>
The following line doesn’t seem to make any difference, but I left it in just in case it impacts something I am not seeing.
Header set Set-Cookie "X-OPENHAB-AUTH-HEADER=1"
I will post this on GitHub and close out the bug report…
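
An added example, not part of the original post or of the openHAB project: a small Python audit that reads an Apache config and reports, for each VirtualHost that proxies behind Basic auth, whether the Authorization header is removed before the request reaches the backend. `RequestHeader set Authorization ""` still forwards the header with an empty value, while `unset` drops it. The sample configs, the `audit` function and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample configs, modelled on the directives quoted in the post.
SAMPLE_BEFORE = '''
<VirtualHost *:444>
    ProxyPass / http://10.0.0.1:8080/
    RequestHeader set Authorization ""
    <Location />
        AuthType Basic
        Require valid-user
    </Location>
</VirtualHost>
'''
SAMPLE_AFTER = SAMPLE_BEFORE.replace('set Authorization ""', 'unset Authorization')

VHOST_RE = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)
HDR_RE = re.compile(
    r'^[ \t]*RequestHeader[ \t]+(\w+)[ \t]+Authorization\b[ \t]*(.*)$', re.I | re.M)


def audit(conf_text):
    """Return [(vhost_address, verdict)] for vhosts that proxy behind Basic auth.

    Verdicts (labels chosen for this example):
      stripped              - header removed with 'unset'
      forwards-empty-header - header overwritten with "" but still sent
      forwards-credentials  - no RequestHeader rule, Basic credentials reach backend
    """
    results = []
    for addr, body in VHOST_RE.findall(conf_text):
        body = re.sub(r'^[ \t]*#.*$', '', body, flags=re.M)  # ignore comment lines
        proxied = re.search(r'^[ \t]*ProxyPass[ \t]', body, re.I | re.M)
        basic = re.search(r'^[ \t]*AuthType[ \t]+Basic\b', body, re.I | re.M)
        if not (proxied and basic):
            continue
        verdict = 'forwards-credentials'
        for action, value in HDR_RE.findall(body):  # later directives override earlier
            if action.lower() == 'unset':
                verdict = 'stripped'
            elif action.lower() == 'set' and value.strip() in ('""', "''"):
                verdict = 'forwards-empty-header'
        results.append((addr.strip(), verdict))
    return results


if __name__ == '__main__':
    print('before:', audit(SAMPLE_BEFORE))
    print('after: ', audit(SAMPLE_AFTER))
```
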