sec-
The gateway is removing all the `sec-` headers before passing them to the final application: https://github.com/georchestra/georchestra-gateway/blob/main/gateway/src/main/java/org/georchestra/gateway/filter/headers/RemoveSecurityHeadersGatewayFilterFactory.java#L50
This may not be desired because there are many official `sec-` headers useful for the applications; here is a list from MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
I think we should modify the regex and whitelist the official `sec-` headers.
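
A sketch of the allowlisting regex proposed above, added here as an example; it is not part of the original issue and is not the gateway's code. It assumes the filter matches request header names against a case-insensitive pattern. The allowlisted names are an illustrative subset of the browser-defined `Sec-` headers, and `sec-username` and `sec-roles` are constructed stand-ins for identity headers that must still be stripped when a client supplies them.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class SecHeaderAllowlist {

    // Strip every "sec-*" header EXCEPT exact matches of the allowlisted names.
    // The "$" inside the lookahead anchors each allowlisted name to the end of the
    // string, so "sec-fetch-dest-x" is not exempted merely by its prefix.
    static final Pattern STRIP = Pattern.compile(
        "(?i)^sec-(?!(?:fetch-(?:dest|mode|site|user)"
        + "|websocket-(?:key|version|protocol|extensions)"
        + "|ch-ua(?:-[a-z0-9-]+)?)$).*$");

    static boolean shouldStrip(String headerName) {
        // matches() requires the whole name to match, so "x-sec-foo" is untouched.
        return STRIP.matcher(headerName).matches();
    }

    // Returns the headers that would be forwarded to the downstream application.
    static Map<String, String> filter(Map<String, String> incoming) {
        Map<String, String> forwarded = new LinkedHashMap<>();
        incoming.forEach((name, value) -> {
            if (!shouldStrip(name)) {
                forwarded.put(name, value);
            }
        });
        return forwarded;
    }

    public static void main(String[] args) {
        // Constructed sample request headers (not taken from the project).
        Map<String, String> incoming = new LinkedHashMap<>();
        incoming.put("Accept", "text/html");
        incoming.put("Sec-Fetch-Dest", "document");     // kept: allowlisted
        incoming.put("Sec-Fetch-Site", "same-origin");  // kept: allowlisted
        incoming.put("Sec-CH-UA-Mobile", "?0");         // kept: allowlisted
        incoming.put("sec-username", "admin");          // stripped: client-supplied identity
        incoming.put("SEC-ROLES", "ROLE_SUPERUSER");    // stripped: case-insensitive match
        incoming.put("sec-fetch-dest-x", "spoof");      // stripped: prefix only, not exact

        filter(incoming).forEach((n, v) -> System.out.println(n + ": " + v));
    }
}
```

An allowlist of exact names keeps the default for any unknown `sec-` name at "strip", so a header name added later is not forwarded until it is reviewed.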