Exclude configured cookies from proxy passthrough #1911

hueniverse opened this issue Sep 7, 2014 · 1 comment


@hueniverse hueniverse commented Sep 7, 2014

Replaces #1813

When passing through headers in proxy requests, exclude any locally configured cookies by default since they are not meant for the upstream server. Allow configuring cookies to be included as an override.

This fixes a security hole of leaking cookies to upstream servers. While it is a breaking change - the fix is correcting a bug and therefore is published as part of a minor release cycle.


@hueniverse hueniverse commented Sep 8, 2014

After some thought, decided to make this a non-breaking change for now. Semver gods must be obeyed! Added a setting to control this which will be changed to false in the next major release.


@hueniverse hueniverse added this to the 6.8.0 milestone Sep 8, 2014
@hueniverse hueniverse self-assigned this Sep 8, 2014
@hueniverse hueniverse mentioned this issue Sep 8, 2014
@geek geek closed this in #1915 Sep 8, 2014
@lock lock bot locked as resolved and limited conversation to collaborators Jan 12, 2020
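
The filtering this issue describes, sketched as an added example that is not hapi's own code: the function names, the `passThrough` override and the sample cookies are assumptions made for illustration.

```javascript
// Added example, not hapi's implementation. All names here are hypothetical.

// Split a Cookie request header into [name, rawPair] entries, keeping each
// pair's original text so forwarded cookies are passed on unchanged.
function parseCookiePairs(header) {
    return header
        .split(';')
        .map((pair) => pair.trim())
        .filter((pair) => pair.length > 0)
        .map((pair) => {
            const eq = pair.indexOf('=');
            const name = eq === -1 ? pair : pair.slice(0, eq).trim();
            return [name, pair];
        });
}

// Build the headers to send upstream. Cookies whose names are configured
// locally are dropped unless explicitly listed in passThrough (the override).
function upstreamHeaders(headers, localCookies, passThrough = []) {
    const local = new Set(localCookies);
    const allowed = new Set(passThrough);
    const out = {};

    for (const [key, value] of Object.entries(headers)) {
        if (key.toLowerCase() !== 'cookie') {
            out[key] = value;
            continue;
        }
        const kept = parseCookiePairs(value)
            .filter(([name]) => !local.has(name) || allowed.has(name))
            .map(([, pair]) => pair);
        // Omit the header entirely when nothing is left to forward.
        if (kept.length > 0) {
            out[key] = kept.join('; ');
        }
    }
    return out;
}

// Constructed sample request: "sid" and "crumb" stand in for locally configured cookies.
const incoming = { host: 'example.com', cookie: 'sid=abc123; theme=dark; crumb=xyz' };
console.log(upstreamHeaders(incoming, ['sid', 'crumb']));
console.log(upstreamHeaders(incoming, ['sid', 'crumb'], ['crumb']));
```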