You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#2597 describes how, when an https ingress is configured, the inbound proxy is skipped in favor of TCP forwarding, so the headers set by the outbound proxy are not properly scrubbed, and ingress routers typically forward them blindly to external clients.
We should allow applications to opt-in to these headers at inject-time, and we should enable this by default for the control plane.
The text was updated successfully, but these errors were encountered:
#2597 describes how, when an https ingress is configured, the inbound proxy is skipped in favor of TCP forwarding, so the headers set by the outbound proxy are not properly scrubbed, and ingress routers typically forward them blindly to external clients.
We should allow applications to opt-in to these headers at inject-time, and we should enable this by default for the control plane.
The text was updated successfully, but these errors were encountered: