Open TaridaGeorge opened 2 months ago
Thank you for the PR! These two changes should probably go into two separate PRs as they are distinct from each other.
- Add the Authorization Header to the gRPC OutgoingContext in order to make use of it directly from the gRPC headers.
This should not be enabled by default as it allows a user to smuggle an arbitrary header value to the gRPC backend, which can have unintended consequences. Header forwarding should be an opt-in feature and even then be customizable to allow the administrator to select headers to be forwarded. Overall, I am thinking about an option that is similar to the -hooks-http-forward-headers
flag that exists for HTTP hooks.
This PR adds the following things: