For requests where the content type begins with
"application/grpc-web", envoy will check for a "gdebug-xsrf-token"
cookie and header. The values must both exist, be non empty strings,
and match. If this is not the case, return with a http 401.
It is the responsibility of the proxy and webapp to cooperate and
never make RPCs that it should not make.
For requests where the content type begins with "application/grpc-web", envoy will check for a "gdebug-xsrf-token" cookie and header. The values must both exist, be non empty strings, and match. If this is not the case, return with a http 401.
It is the responsibility of the proxy and webapp to cooperate and never make RPCs that it should not make.