ForwardedHeaderFilter should provide option to "remove" forwarded headers without using them [SPR-15610]

**[Rossen Stoyanchev](https://jira.spring.io/secure/ViewProfile.jspa?name=rstoya05-aop)** opened **[SPR-15610](https://jira.spring.io/browse/SPR-15610?redirect=false)** and commented

Normally the ForwardedHeaderFilter wraps the request in order incorporate the information contained in "forwarded" type headers (e.g. "X-Forwarded-*", "Forwarded") and also "removes" those headers so they are not visible to code after the filter.

It would be easy enough to add a mode where the filter only "removes" but doesn't use the information from the headers. This could be used as a defensive measure to ensure such headers are always ignored if not expected.

---

**Affects:** 4.3.8

**Issue Links:**
- #20171 Improve docs around the use of "Forwarded" and "X-Forwarded-*" headers

**Referenced from:** commits https://github.com/spring-projects/spring-framework/commit/04a96ffa275461c8159e2407120597d51e6a8411, https://github.com/spring-projects/spring-framework/commit/895fa2ea7b272143fef828443686999f635a819a


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ForwardedHeaderFilter should provide option to "remove" forwarded headers without using them [SPR-15610] #20169

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ForwardedHeaderFilter should provide option to "remove" forwarded headers without using them [SPR-15610] #20169

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions