chore: only strip authorization and cookie headers for authzd

author: mo khan <mo@mokhan.ca> 2025-07-15 13:54:33 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-15 13:54:33 -0600
commit: 25167050dd78b6ed26c7da294ee0a2e6e6639ec6 (patch)
tree: ffc211b13c42b19d2571136261d58fac7d0f48d6
parent: 3256b3a35c1e06cdbbfea7d295b4daf75b007ba9 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml
index bfe2ce16..3d22819e 100644
--- a/etc/envoy/envoy.yaml
+++ b/etc/envoy/envoy.yaml
@@ -137,9 +137,6 @@ static_resources:
                       suppress_envoy_headers: true
                 route_config:
                   name: local_route
-                  request_headers_to_remove:
-                    - authorization
-                    - cookie
                   response_headers_to_add:
                     - header:
                         key: "x-content-type-options"
@@ -160,6 +157,9 @@ static_resources:
                           route:
                             cluster: authzd
                             timeout: 30s
+                          request_headers_to_remove:
+                            - authorization
+                            - cookie
                         # Default route - everything else goes to SpiceDB
                         - match:
                             prefix: "/"
author	mo khan <mo@mokhan.ca>	2025-07-15 13:54:33 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-15 13:54:33 -0600
commit	25167050dd78b6ed26c7da294ee0a2e6e6639ec6 (patch)
tree	ffc211b13c42b19d2571136261d58fac7d0f48d6
parent	3256b3a35c1e06cdbbfea7d295b4daf75b007ba9 (diff)