April 2018
Intermediate to advanced
432 pages
10h 38m
English
You may be a little surprised if you set, for example, the Authorization HTTP header in a request and find that it isn't forwarded to the downstream service. This happens because Zuul defines a default list of sensitive headers, which are removed during the routing process: Cookie, Set-Cookie, and Authorization. This feature was designed with communication with external servers in mind. While there is no objection to sharing these headers between services in the same system, sharing them with external servers is not recommended for security reasons. This behavior can be customized by overriding the default value of the sensitiveHeaders property, which may be set globally for all routes or just for a single route. The ...
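The global and per-route forms of the sensitiveHeaders property described above, as an added example that is not taken from the book. The route names, service id and URL are hypothetical.

```yaml
# application.yml for a Zuul gateway (added example; route names,
# service id and URL below are hypothetical)
zuul:
  # Global list, applied to every route that does not override it.
  # This is the default value written out explicitly, so the intent
  # is visible in configuration review.
  sensitiveHeaders: Cookie,Set-Cookie,Authorization

  # Setting to avoid: an empty global list removes nothing, so
  # credentials would also be forwarded to the external route below.
  # sensitiveHeaders:

  routes:
    account:
      path: /api/account/**
      serviceId: account-service
      # Internal service in the same system that needs the caller's
      # token: remove only Authorization from the list for this route.
      # Cookie and Set-Cookie are still stripped.
      sensitiveHeaders: Cookie,Set-Cookie

    partner:
      path: /api/partner/**
      url: https://partner.example.com
      # External server: no override here, so the global list applies
      # and Cookie, Set-Cookie and Authorization are all removed.
```

Scoping the override to the single internal route keeps the default protection in place for every other route, including ones added later.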