From de71608b8cc4ff5d88ef60150c66523ba73c19a4 Mon Sep 17 00:00:00 2001
From: Ruben Barilani
Date: Wed, 22 Jul 2020 10:02:08 +0200
Subject: [PATCH] feat: add and whitelist X-Consumer-* zalando proprietary headers #594 related to https://github.com/zalando/restful-api-guidelines/issues/594
---
 .../src/main/resources/reference.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/server/zally-ruleset-zalando/src/main/resources/reference.conf b/server/zally-ruleset-zalando/src/main/resources/reference.conf
index 5456a4f38..aec053a4e 100644
--- a/server/zally-ruleset-zalando/src/main/resources/reference.conf
+++ b/server/zally-ruleset-zalando/src/main/resources/reference.conf
@@ -3,7 +3,7 @@ HttpHeadersRule {
 whitelist: [ETag, TSV, TE, Content-MD5, DNT, X-ATT-DeviceId, X-UIDH, X-Request-ID, X-Correlation-ID, WWW-Authenticate, X-XSS-Protection, X-Flow-ID, X-UID, X-Tenant-ID, X-Device-OS, X-Trace-ID,
- X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset]
+ X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Consumer, X-Consumer-Signature, X-Consumer-Key-ID]
 }
 LimitNumberOfResourcesRule {
@@ -198,7 +198,10 @@ ProprietaryHeadersRule {
 "X-Mobile-Advertising-ID",
 "X-RateLimit-Limit",
 "X-RateLimit-Remaining",
- "X-RateLimit-Reset"
+ "X-RateLimit-Reset",
+ "X-Consumer",
+ "X-Consumer-Signature",
+ "X-Consumer-Key-ID"
 ]
 }
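Review bot: The three X-Consumer names are appended to the `HttpHeadersRule` whitelist with nothing in the file saying why they are exempt, and the same three strings are repeated by hand in the `ProprietaryHeadersRule` list in the second hunk, so the two lists can drift apart on the next edit. A comment above the `whitelist:` key would keep the rationale next to the exemption, for example `# X-Consumer, X-Consumer-Signature, X-Consumer-Key-ID: Zalando proprietary headers, see zalando/restful-api-guidelines#594`. The whitelist begins above the changed line, so only its tail is visible in this hunk.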
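Review bot: No test accompanies the new entries; the diffstat lists reference.conf as the only changed file, so nothing pins that a spec declaring `X-Consumer-Signature` or `X-Consumer-Key-ID` passes both rules. Judging by the names, the signature and key id exist to authenticate the `X-Consumer` value, and a flat allow-list presumably accepts each name on its own. If the guideline expects the three headers together, a spec that declares `X-Consumer` alone would still lint clean, which is worth a follow-up check. The list this hunk extends opens outside the hunk, so its key name is not visible here.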