When passing through headers in proxy requests, exclude any locally configured cookies by default since they are not meant for the upstream server. Allow configuring cookies to be included as an override.
This fixes a security hole of leaking cookies to upstream servers. While it is a breaking change - the fix is correcting a bug and therefore is published as part of a minor release cycle.
The text was updated successfully, but these errors were encountered: