-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Understanding zuul.ignoredHeaders and zuul.ignoreSecurityHeaders #1487
Comments
I believe you are correct. Maybe @spencergibb can confirm. I agree the wording in the documentation is confusing. We should at the very least clarify it. |
@ryanjbaxter @spencergibb |
@ryanjbaxter |
@eacdy yes the service behind the proxy |
@here some times zuul is catching data and due to that not getting latest , is there any solution for this? |
@sachinmagar it is not clear what the problem is or if it is even related to this issue. If you are having an issue using Zuul please open an issue and provide as much information as possible describing your problem. |
This module has entered maintenance mode. This means that the Spring Cloud team will no longer be adding new features to the module. We will fix blocker bugs and security issues, and we will also consider and review small pull requests from the community. |
Here's the document from http://cloud.spring.io/spring-cloud-static/Camden.SR2/#_ignored_headers
Ignored Headers
In addition to the per-route sensitive headers, you can set a global value for
zuul.ignoredHeaders
for values that should be discarded (both request and response) during interactions with downstream services. By default these are empty, if Spring Security is not on the classpath, and otherwise they are initialized to a set of well-known "security" headers (e.g. involving caching) as specified by Spring Security. The assumption in this case is that the downstream services might add these headers too, and we want the values from the proxy. To not discard these well known security headers in case Spring Security is on the classpath you can setzuul.ignoreSecurityHeaders
tofalse
. This can be useful if you disabled the HTTP Security response headers in Spring Security and want the values provided by downstream servicesI can not understand these words. Here is my understanding, please tell me whether am I rignt.
zuul.ignoredHeaders
attribute can be used to discard some headers. For example,Setting
zuul.ignoredHeaders = Header1, Header2
, then Header1 and Header2 will not be propagate to any other services.By default, it is empty, but if Spring Security is in classpath, it's values is
The default value of
zuul.ignoreSecurityHeaders
is true, but when I want the value of the headers' values from downstream services we need to set to false.Am I right?
B.T.W, is there any example for using these two attrbutes?
The text was updated successfully, but these errors were encountered: