These are chat archives for spring-cloud/spring-cloud

5th
Aug 2016
hacbq
@hacbq
Aug 05 2016 01:17

@dsyer @spencergibb
I configed my zuul

zuul:
  sensitiveHeaders: ''

But zuul still remove header: "WWW-Authenticate" in response.
what's wrong here ?

Josh Fix
@joshfix
Aug 05 2016 03:38
I could be wrong, but I believe sensitiveHeaders will strip the authorization, cookie, and set-cookie headers by default, not www-authenticate
Dave Syer
@dsyer
Aug 05 2016 03:39
Yes. What makes you think this header is in the response from the backend?
Josh Fix
@joshfix
Aug 05 2016 03:46
Also you can use the /trace endpoint if you're using actuator to verify
hacbq
@hacbq
Aug 05 2016 03:47
My raw request is
http://prntscr.com/c1t694
And request by zuul is
http://prntscr.com/c1t5uf
Here is zuul trace
http://prntscr.com/c1t6oa
Josh Fix
@joshfix
Aug 05 2016 04:05
The zuul trace shows the
www-authenticate headers in the response.
You could always do a packet capture with wireshark or something to be 100% certain
hacbq
@hacbq
Aug 05 2016 04:09
But client can't get it.
Use directly it's ok
http://prntscr.com/c1t694
But by zuul
Many header removed
http://prntscr.com/c1t5uf
Like: Date, Pragma, X-Content-Type-Options,X-Frame-Options,X-XSS-Protection
Josh Fix
@joshfix
Aug 05 2016 04:52
I can't replicate that. I'm getting back the same headers from zuul that I am directly from my service.
hacbq
@hacbq
Aug 05 2016 05:27
What's your cloud netflix version ?
hacbq
@hacbq
Aug 05 2016 07:48
I still don't understand why many headers were removed by zuul :worried:
hacbq
@hacbq
Aug 05 2016 10:17
I debug spring-cloud-netflix-core, and in SendResponseFilter, it still has "WWW-Authenticate" in header
http://prntscr.com/c1wkfs
But in client by curl, it was removed :worried:
http://prntscr.com/c1wlfh
Where was it removed ? :worried:
Fabian Wallwitz
@cforce
Aug 05 2016 14:32
how can i intercept a FeignClient reponse before interface methods impl.?
i would stg like a HandlerInterceptorAdapter() , so i can inspect the reponse HttpServletResponse
i wood like to have it for one FeignClient only
Matt Benson
@mbenson
Aug 05 2016 16:32
is the current Spring Cloud Javadoc published anywhere?
Dave Syer
@dsyer
Aug 05 2016 18:34
In jars.
Matt Benson
@mbenson
Aug 05 2016 20:09
not what I meant ;)