These are chat archives for spring-cloud/spring-cloud

5th
Aug 2016
hacbq
@hacbq
Aug 05 2016 01:17 UTC

@dsyer @spencergibb
I configured my zuul

zuul:
  sensitiveHeaders: ''

But zuul still removes the header "WWW-Authenticate" in the response.
What's wrong here?

Josh Fix
@joshfix
Aug 05 2016 03:38 UTC
I could be wrong, but I believe sensitiveHeaders will strip the authorization, cookie, and set-cookie headers by default, not www-authenticate
Dave Syer
@dsyer
Aug 05 2016 03:39 UTC
Yes. What makes you think this header is in the response from the backend?
Josh Fix
@joshfix
Aug 05 2016 03:46 UTC
Also you can use the /trace endpoint if you're using actuator to verify
hacbq
@hacbq
Aug 05 2016 03:47 UTC
My raw request is
http://prntscr.com/c1t694
And request by zuul is
http://prntscr.com/c1t5uf
Here is zuul trace
http://prntscr.com/c1t6oa
Josh Fix
@joshfix
Aug 05 2016 04:05 UTC
The zuul trace shows the www-authenticate headers in the response.
You could always do a packet capture with wireshark or something to be 100% certain
hacbq
@hacbq
Aug 05 2016 04:09 UTC
But the client can't get it.
Used directly, it's OK
http://prntscr.com/c1t694
But by zuul
Many headers are removed
http://prntscr.com/c1t5uf
Like: Date, Pragma, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection
Josh Fix
@joshfix
Aug 05 2016 04:52 UTC
I can't replicate that. I'm getting back the same headers from zuul that I am directly from my service.
hacbq
@hacbq
Aug 05 2016 05:27 UTC
What's your cloud netflix version?
hacbq
@hacbq
Aug 05 2016 07:48 UTC
I still don't understand why many headers were removed by zuul :worried:
hacbq
@hacbq
Aug 05 2016 10:17 UTC
I debugged spring-cloud-netflix-core, and in SendResponseFilter, it still has "WWW-Authenticate" in the header
http://prntscr.com/c1wkfs
But in the client, by curl, it was removed :worried:
http://prntscr.com/c1wlfh
Where was it removed? :worried:
Fabian Wallwitz
@cforce
Aug 05 2016 14:32 UTC
How can I intercept a FeignClient response before interface methods impl.?
I would like something like a HandlerInterceptorAdapter(), so I can inspect the response HttpServletResponse
I would like to have it for one FeignClient only
Matt Benson
@mbenson
Aug 05 2016 16:32 UTC
is the current Spring Cloud Javadoc published anywhere?
Dave Syer
@dsyer
Aug 05 2016 18:34 UTC
In jars.
Matt Benson
@mbenson
Aug 05 2016 20:09 UTC
not what I meant ;)