@dsyer @spencergibb
I configed my zuul
zuul:
sensitiveHeaders: ''But zuul still remove header: "WWW-Authenticate" in response.
what's wrong here ?
I could be wrong, but I believe sensitiveHeaders will strip the authorization, cookie, and set-cookie headers by default, not www-authenticate
Yes. What makes you think this header is in the response from the backend?
Also you can use the /trace endpoint if you're using actuator to verify
Here is zuul trace
http://prntscr.com/c1t6oa
http://prntscr.com/c1t6oa
The zuul trace shows the
www-authenticate headers in the response.
You could always do a packet capture with wireshark or something to be 100% certain
But client can't get it.
Use directly it's ok
http://prntscr.com/c1t694
But by zuul
Many header removed
http://prntscr.com/c1t5uf
Use directly it's ok
http://prntscr.com/c1t694
But by zuul
Many header removed
http://prntscr.com/c1t5uf
Like: Date, Pragma, X-Content-Type-Options,X-Frame-Options,X-XSS-Protection
I can't replicate that. I'm getting back the same headers from zuul that I am directly from my service.
What's your cloud netflix version ?
I still don't understand why many headers were removed by zuul :worried:
I debug spring-cloud-netflix-core, and in SendResponseFilter, it still has "WWW-Authenticate" in header
http://prntscr.com/c1wkfs
But in client by curl, it was removed :worried:
http://prntscr.com/c1wlfh
Where was it removed ? :worried:
http://prntscr.com/c1wkfs
But in client by curl, it was removed :worried:
http://prntscr.com/c1wlfh
Where was it removed ? :worried:
how can i intercept a FeignClient reponse before interface methods impl.?
i would stg like a HandlerInterceptorAdapter() , so i can inspect the reponse HttpServletResponse
i wood like to have it for one FeignClient only
is the current Spring Cloud Javadoc published anywhere?
In jars.
not what I meant ;)