Is "zuul.sensitiveHeaders: true" valid and useful for Spring Boot Zuul?

Refactoring configs, and I see a list of apps like this:

zuul:
  some-service:
    path: /someservice/**
    serviceId: some-service
    stripPrefix: false
    sensitiveHeaders: true

Every app has the same last two, so I looked it up to make sure I could just move them up to a common setting, like this:

zuul:
  stripPrefix: false

According to this documentation that's great for stripPrefix... but sensitiveHeaders is not a boolean - it's a list, and the default value is Cookie,Set-Cookie,Authorization.

The sensitiveHeaders are a blacklist and the default is not empty, so to make Zuul send all headers (except the "ignored" ones) you would have to explicitly set it to the empty list. This is necessary if you want to pass cookie or authorization headers to your back end.

Needless to say, this confused me. The only places I've been able to find references to using sensitiveHeaders: true are here and here, both posted by the same guy.

As I read it, this just tells Zuul to blacklist any headers named "true". It's effectively similar to leaving the list empty, unless you actually get "true" as a header type.

Can someone confirm that, or educate me on it?

Many thanks.

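A small Python model of the blacklist behaviour the question describes, added here as an example; it is not Spring Cloud Netflix code and not part of the original post. It assumes the configured value binds to a list of header names, that a route-level list replaces the default, and that names match case-insensitively; the function names and the sample request are constructed for illustration.

```python
# Simplified model of a sensitive-header blacklist; not Spring Cloud Netflix code.
# Assumptions: the configured value binds to a list of header names, a
# route-level list replaces the default, and names match case-insensitively.

DEFAULT_SENSITIVE = ["Cookie", "Set-Cookie", "Authorization"]  # default quoted in the question


def bind_header_list(value):
    """Turn a raw config value into a set of lower-cased header names.

    None means the property is absent, so the default list applies. A YAML
    boolean `true` is treated as the string "true", the case the question asks about.
    """
    if value is None:
        items = DEFAULT_SENSITIVE
    elif isinstance(value, bool):
        items = [str(value).lower()]
    elif isinstance(value, str):
        items = value.split(",")
    else:
        items = list(value)
    return {str(item).strip().lower() for item in items if str(item).strip()}


def forwarded_headers(request_headers, sensitive_value=None):
    """Return the headers that would reach the backend under this blacklist."""
    blocked = bind_header_list(sensitive_value)
    return {k: v for k, v in request_headers.items() if k.lower() not in blocked}


def audit(sensitive_value):
    """List default-sensitive headers that the configured value no longer blocks."""
    blocked = bind_header_list(sensitive_value)
    return [h for h in DEFAULT_SENSITIVE if h.lower() not in blocked]


# Constructed sample request, not taken from the page.
SAMPLE = {
    "Accept": "application/json",
    "Cookie": "SESSION=constructed-value",
    "Authorization": "Bearer constructed-token",
    "true": "1",
}

if __name__ == "__main__":
    for value in (None, True, "", "Cookie,Set-Cookie"):
        print(repr(value), sorted(forwarded_headers(SAMPLE, value)), audit(value))
```

Running `audit` over each route's value while refactoring flags any route where cookies or authorization headers would be passed to the backend, whether that was intended or a side effect of writing `true`.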