search

spring-cloud / spring-cloud-gateway

An API Gateway built on Spring Framework and Spring Boot providing routing and more.
http://cloud.spring.io
Apache License 2.0
4.54k stars 3.33k forks source link

RemoveRequestHeaderIfnoExisted #3499

Open PheaSoy opened 3 months ago

PheaSoy commented 3 months ago

RemoveRequestHeader if it doesn't exist in the config. I would like to allow my clients are connecting to my backend via SCG and only send the headers to downstream from available to the configuration, otherwise remove it from the request.

RemoveRequestHeaderGatewayFilter Using the RemoveRequestHeaderGatewayFilter is not ok, while the clients always send different key. All the key, that want to remove, it is consider to input or predefine in the config.

RemoveRequestHeaderIfNotExisted Possible, if we could have a filter to remove all headers if there are doesn't exist in the config. So it is allows SCG to control the minimum request header to send to downstream services which good and enhance some security reason.


  cloud:
    gateway:
      default-filters:
        #Remove All the sensitive request headers (Cookie, Set-Cookie & Authorization) while passing request to downstream services
        - RemoveRequestHeaderIfNotExisted=Cookie, Token, USER_ID, CHANNEL
spencergibb commented 1 month ago

I'm not sure how many folks would want this. Marking for votes