Understanding zuul.ignoredHeaders and zuul.ignoreSecurityHeaders #1487

Closed
eacdy opened this issue Nov 21, 2016 · 7 comments

@eacdy
Contributor

eacdy commented Nov 21, 2016

Here's the document from http://cloud.spring.io/spring-cloud-static/Camden.SR2/#_ignored_headers

Ignored Headers

In addition to the per-route sensitive headers, you can set a global value for zuul.ignoredHeaders for values that should be discarded (both request and response) during interactions with downstream services. By default these are empty, if Spring Security is not on the classpath, and otherwise they are initialized to a set of well-known "security" headers (e.g. involving caching) as specified by Spring Security. The assumption in this case is that the downstream services might add these headers too, and we want the values from the proxy. To not discard these well known security headers in case Spring Security is on the classpath you can set zuul.ignoreSecurityHeaders to false. This can be useful if you disabled the HTTP Security response headers in Spring Security and want the values provided by downstream services

I cannot understand these words. Here is my understanding; please tell me whether I am right.

  • zuul.ignoredHeaders attribute can be used to discard some headers. For example,

Setting zuul.ignoredHeaders = Header1, Header2, then Header1 and Header2 will not be propagated to any other services.

By default, it is empty, but if Spring Security is on the classpath, its value is

Pragma,Cache-Control,X-Frame-Options,X-Content-Type-Options,X-XSS-Protection,Expires

The default value of zuul.ignoreSecurityHeaders is true, but when I want the headers' values from downstream services, we need to set it to false.

Am I right?
B.T.W, is there any example for using these two attributes?

@ryanjbaxter
Contributor

I believe you are correct. Maybe @spencergibb can confirm.

I agree the wording in the documentation is confusing. We should at the very least clarify it.
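
As an added illustration (not part of the original thread or of the Spring Cloud documentation), the two properties discussed above could be set like this in the proxy's application.properties. The header names X-Internal-Debug and X-Backend-Server are hypothetical.

```properties
# application.properties for the Zuul proxy (constructed example)

# Headers discarded in both directions: on requests sent to downstream
# services and on responses coming back from them.
# X-Internal-Debug and X-Backend-Server are hypothetical header names.
zuul.ignoredHeaders=X-Internal-Debug,X-Backend-Server

# Default is true. With Spring Security on the classpath, the proxy then also
# discards the well-known security headers listed in this thread:
#   Pragma, Cache-Control, X-Frame-Options, X-Content-Type-Options,
#   X-XSS-Protection, Expires
# so that the values set by Spring Security on the proxy are the ones used.
zuul.ignoreSecurityHeaders=true

# Alternative: keep the downstream services' values for those six headers.
# The documentation quoted above describes this for the case where the HTTP
# security response headers are disabled in Spring Security on the proxy,
# so each downstream service then has to set them itself.
# zuul.ignoreSecurityHeaders=false
```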

@eacdy
Contributor Author

eacdy commented Nov 22, 2016

@ryanjbaxter @spencergibb
Thank you very much.

@eacdy
Contributor Author

eacdy commented Nov 22, 2016

@ryanjbaxter
B.T.W, what's the downstream service?
I think it means the internal microservices behind the zuul proxy? Am I right?

@ryanjbaxter
Contributor

@eacdy yes the service behind the proxy

@sachinmagar

@here sometimes zuul is catching data and due to that not getting latest, is there any solution for this?

@ryanjbaxter
Contributor

@sachinmagar it is not clear what the problem is or if it is even related to this issue. If you are having an issue using Zuul please open an issue and provide as much information as possible describing your problem.

@OlgaMaciaszek
Collaborator

This module has entered maintenance mode. This means that the Spring Cloud team will no longer be adding new features to the module. We will fix blocker bugs and security issues, and we will also consider and review small pull requests from the community.
