github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 17:37:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: remove custom header for id_token

Browse Source 
This isn't really needed, and might cause headaches if headers are
proxied further downstream and logged by components that do not
properly mask or redact its contents.
This commit is contained in:
Trong Huu Nguyen
2022-01-06 09:58:17 +01:00
parent c311f46219
commit 2d4ced719f
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/router/handler_default.go
View File

@@ -44,7 +44,6 @@ func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
func modifyRequest(dst, src *http.Request, upstreamHost string) {
// Delete incoming authentication
dst.Header.Del("authorization")
dst.Header.Del("X-Wonderwall-ID-Token")
// Instruct http.ReverseProxy to not modify X-Forwarded-For header
dst.Header["X-Forwarded-For"] = nil
// Request should go to correct host
@@ -58,5 +57,4 @@ func modifyRequest(dst, src *http.Request, upstreamHost string) {
func withAuthentication(dst *http.Request, sessionData *session.Data) {
dst.Header.Add("authorization", "Bearer "+sessionData.AccessToken)
dst.Header.Add("X-Wonderwall-ID-Token", sessionData.IDToken)
}