chore: do not forward sensitive headers to Sparkle

author: mo khan <mo@mokhan.ca> 2025-05-28 16:48:57 -0600
committer: mo khan <mo@mokhan.ca> 2025-05-28 16:48:57 -0600
commit: 7edfed201bfbfb477f8cf3a936878fce8a55b25c (patch)
tree: e6b43fc41022305d9c418cfa487262d178a29266 /etc
parent: 60fbfa7411109d0d26f1c8e619205311bb24f62d (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml
index b483fe9..eb4901a 100644
--- a/etc/envoy/envoy.yaml
+++ b/etc/envoy/envoy.yaml
@@ -185,7 +185,7 @@ static_resources:
                               header_name: x-jwt-claim-profile-url
                             - claim_name: picture
                               header_name: x-jwt-claim-picture-url
-                          forward: true
+                          forward: false
                           forward_payload_header: x-jwt-payload
                           from_cookies:
                             - id_token
@@ -219,6 +219,10 @@ static_resources:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                       suppress_envoy_headers: true
                 route_config:
+                  request_headers_to_remove:
+                    - authorization
+                    - cookie
+                    - user-agent
                   virtual_hosts:
                     - name: local
                       domains: ["*"]
author	mo khan <mo@mokhan.ca>	2025-05-28 16:48:57 -0600
committer	mo khan <mo@mokhan.ca>	2025-05-28 16:48:57 -0600
commit	7edfed201bfbfb477f8cf3a936878fce8a55b25c (patch)
tree	e6b43fc41022305d9c418cfa487262d178a29266 /etc
parent	60fbfa7411109d0d26f1c8e619205311bb24f62d (diff)