microsoft / service-fabric

Service Fabric is a distributed systems platform for packaging, deploying, and managing stateless and stateful distributed applications and containers at large scale.
https://docs.microsoft.com/en-us/azure/service-fabric/
MIT License
3.02k stars 399 forks

[Reverse Proxy] Authorization response header being stripped out and replaced with Proxy-Authenticate #1110

Open MonDeveloper opened 4 years ago

MonDeveloper commented 4 years ago

Hi SF Team, we are hosting a third party application (a Java based identity provider) as a guest application. Unfortunately this third party application decided to return the JWT token using a response header "Authorization" (instead of the response body).

If we call the application directly (login WebApi) it works. If we invoke the same login WebApi through the ServiceFabric ReverseProxy the response we receive has no "Authorization" header and it has a new response header named "Proxy-Authenticate" with the same value of the expected "Authorization" set by the java app.

This is a strange behaviour because the standard "Proxy-Authenticate" header should be used to communicate the proxy authentication mode to use, not to return any Token!

So, we are looking for a mechanism to avoid the "Authorization" header removal and, if it is possible, to avoid the addition of the "Proxy-Authenticate" header. Unfortunately we found NOTHING in the documentation.

We tried playing with the cluster manifest, adding the "RemoveServiceResponseHeaders" property set to String.Empty, but with no effect. We also tried to set the Windows Registry key to force HTTP.SYS (because we noticed SF RevProxy is based on it) to not add the Server header, this time with no effect either.

Thanks in advance, Marco
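A way to confirm the rewrite described in this issue, as an added example that is not part of the original thread or of the Service Fabric code base: compare the response headers from a direct call with those seen through the reverse proxy, and flag any value that reappears under a different header name. The header lists, the token placeholder and the function names are constructed for illustration; values are reported as short hashes so a bearer token never lands in a log or ticket.

```python
import hashlib
from collections import defaultdict


def index_headers(headers):
    """Map lower-cased header name -> list of values (names are case-insensitive)."""
    idx = defaultdict(list)
    for name, value in headers:
        idx[name.strip().lower()].append(value.strip())
    return idx


def fingerprint(value):
    """Short SHA-256 prefix so the token itself is never written out."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def diff_response_headers(direct, proxied):
    """Compare headers from a direct call with those seen through the proxy."""
    d, p = index_headers(direct), index_headers(proxied)
    report = {"moved": [], "removed": [], "added": [], "changed": []}
    # Values that appear only under a header name the direct response lacks.
    proxied_only = {v: n for n in p.keys() - d.keys() for v in p[n]}
    moved_targets = set()
    for name in sorted(d.keys() - p.keys()):
        for value in d[name]:
            if value in proxied_only:  # same value, different header name
                report["moved"].append((name, proxied_only[value], fingerprint(value)))
                moved_targets.add(proxied_only[value])
            else:
                report["removed"].append((name, fingerprint(value)))
    for name in sorted(p.keys() - d.keys() - moved_targets):
        report["added"].append(name)
    for name in sorted(d.keys() & p.keys()):
        if sorted(d[name]) != sorted(p[name]):
            report["changed"].append(name)
    return report


# Constructed sample data; TOKEN is a placeholder, not a real JWT.
TOKEN = "Bearer header.payload.signature"
DIRECT = [("Content-Type", "application/json"), ("Authorization", TOKEN),
          ("Server", "ExampleIdP")]
PROXIED = [("content-type", "application/json"), ("Proxy-Authenticate", TOKEN),
           ("Server", "Microsoft-HTTPAPI/2.0")]

if __name__ == "__main__":
    for kind, items in diff_response_headers(DIRECT, PROXIED).items():
        print(kind, items)
```
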

MonDeveloper commented 2 years ago

Any news about it?

IMCubator-CI commented 7 months ago

No answer at all, what a shame. I grew up as a Microsoft kid, but it's hard to stay on this team; starting from the brand new Azure to a plentiful list of technologies, your support is very poor.