You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When passing through headers in proxy requests, exclude any locally configured cookies by default since they are not meant for the upstream server. Allow configuring cookies to be included as an override.
This fixes a security hole of leaking cookies to upstream servers. While it is a breaking change - the fix is correcting a bug and therefore is published as part of a minor release cycle.
The text was updated successfully, but these errors were encountered:
After some thoughts decided to make this a non breaking change for now. Semver gods must be obeyed! Added a setting to control this which will be changed to false in the next major release.
Replaces #1813
When passing through headers in proxy requests, exclude any locally configured cookies by default since they are not meant for the upstream server. Allow configuring cookies to be included as an override.
This fixes a security hole of leaking cookies to upstream servers. While it is a breaking change - the fix is correcting a bug and therefore is published as part of a minor release cycle.
The text was updated successfully, but these errors were encountered: