From 2d4ced719f2334cabdd9e56c587105c56b295fa2 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen
Date: Thu, 6 Jan 2022 09:58:17 +0100
Subject: [PATCH] feat: remove custom header for id_token

This isn't really needed, and might cause headaches if headers are proxied further downstream and logged by components that do not properly mask or redact its contents.
---
 pkg/router/handler_default.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/router/handler_default.go b/pkg/router/handler_default.go
index a06146e..4042cd9 100644
--- a/pkg/router/handler_default.go
+++ b/pkg/router/handler_default.go
@@ -44,7 +44,6 @@ func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
 func modifyRequest(dst, src *http.Request, upstreamHost string) {
 // Delete incoming authentication
 dst.Header.Del("authorization")
- dst.Header.Del("X-Wonderwall-ID-Token")
 // Instruct http.ReverseProxy to not modify X-Forwarded-For header
 dst.Header["X-Forwarded-For"] = nil
 // Request should go to correct host
@@ -58,5 +57,4 @@ func modifyRequest(dst, src *http.Request, upstreamHost string) {
 func withAuthentication(dst *http.Request, sessionData *session.Data) {
 dst.Header.Add("authorization", "Bearer "+sessionData.AccessToken)
- dst.Header.Add("X-Wonderwall-ID-Token", sessionData.IDToken)
 }