diff options
| author | mo khan <mo@mokhan.ca> | 2025-05-28 16:48:57 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-28 16:48:57 -0600 |
| commit | 7edfed201bfbfb477f8cf3a936878fce8a55b25c (patch) | |
| tree | e6b43fc41022305d9c418cfa487262d178a29266 /etc/envoy | |
| parent | 60fbfa7411109d0d26f1c8e619205311bb24f62d (diff) | |
chore: do not forward sensitive headers to Sparkle
Diffstat (limited to 'etc/envoy')
| -rw-r--r-- | etc/envoy/envoy.yaml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml index b483fe9..eb4901a 100644 --- a/etc/envoy/envoy.yaml +++ b/etc/envoy/envoy.yaml @@ -185,7 +185,7 @@ static_resources: header_name: x-jwt-claim-profile-url - claim_name: picture header_name: x-jwt-claim-picture-url - forward: true + forward: false forward_payload_header: x-jwt-payload from_cookies: - id_token @@ -219,6 +219,10 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router suppress_envoy_headers: true route_config: + request_headers_to_remove: + - authorization + - cookie + - user-agent virtual_hosts: - name: local domains: ["*"] |