spring-cloud / spring-cloud-gateway

An API Gateway built on Spring Framework and Spring Boot providing routing and more.
http://cloud.spring.io
Apache License 2.0

Limited header forward to internal request #3539

Open rcbandit111 opened 4 days ago

rcbandit111 commented 4 days ago

I have a Spring Gateway 2023.0.3 project which I want to configure so that headers from network requests are forwarded only internally. Example request:

API client -> Spring gateway -> Spring Authorization server

After that, Spring gateway gets a Bearer token and makes requests to internal microservices.

In a very old version of Spring gateway it works fine. But now the request is not forwarded properly: the Authorization header is missing. I need to add and allow CustomAuthorizationFilter. It's a security issue because external API clients should not be allowed to pass requests with a Bearer token. Do you know what the possible solutions are?

In the old Spring Gateway version 2.2.1.RELEASE I don't have this issue.

P.S. I send a custom API request with 2 Authorization headers to internal microservices. Is it possible that the second Authorization header is overridden?
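One way to enforce the behaviour the report asks for, as an added example and not code from the spring-cloud-gateway project or from the reporter: a `GlobalFilter` that discards every `Authorization` header an external client sends (including duplicates) and attaches the gateway's own bearer token before the request is routed to an internal service. The package name and the `InternalTokenProvider` interface are assumptions; the provider would typically obtain the token from the authorization server with a client_credentials grant. The filter is applied to every route here; a real deployment would scope it to the routes that target internal services.

```java
package example.gateway; // hypothetical package name

import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Added example (not from the spring-cloud-gateway project or the issue author).
 * Strips client-supplied Authorization headers at the edge and injects the
 * gateway's own token, so external callers can never choose the credential
 * that reaches an internal microservice.
 */
@Component
public class InternalAuthorizationFilter implements GlobalFilter, Ordered {

    private static final Logger log = LoggerFactory.getLogger(InternalAuthorizationFilter.class);

    private final InternalTokenProvider tokenProvider;

    public InternalAuthorizationFilter(InternalTokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        // Inbound headers are read-only; inspect them before mutating the request.
        List<String> inbound = exchange.getRequest().getHeaders().get(HttpHeaders.AUTHORIZATION);
        if (inbound != null && !inbound.isEmpty()) {
            // A client trying to pass its own bearer token is worth a detection signal.
            log.warn("Dropping {} client-supplied Authorization header(s) on {}",
                    inbound.size(), exchange.getRequest().getPath());
        }

        return tokenProvider.token().flatMap(token -> {
            ServerHttpRequest mutated = exchange.getRequest().mutate()
                    .headers(headers -> {
                        // remove() drops every value, so two inbound headers do not survive as one.
                        headers.remove(HttpHeaders.AUTHORIZATION);
                        // Exactly one Authorization header, owned by the gateway, goes downstream.
                        headers.setBearerAuth(token);
                    })
                    .build();
            return chain.filter(exchange.mutate().request(mutated).build());
        });
    }

    @Override
    public int getOrder() {
        // Negative order: runs before the routing filters that send the request upstream.
        return -1;
    }
}

/**
 * Hypothetical source of the gateway's own token (assumption, not a gateway API).
 * An implementation would cache a token obtained from the authorization server.
 */
interface InternalTokenProvider {
    Mono<String> token();
}
```

The same stripping can be done declaratively per route with the built-in `RemoveRequestHeader=Authorization` filter; the custom filter above is only needed for the second half, attaching the gateway's own token. On the P.S. question: `HttpHeaders.set` (which `setBearerAuth` uses) replaces all existing values of the header with a single value, so even without the explicit `remove` call only one `Authorization` header would reach the microservice; the explicit removal just makes that intent visible.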

rcbandit111 commented 4 days ago

@spencergibb any thoughts on this one?