Module forward_headers

The client-to-upstream header forwarding policy.

When the proxy forwards a request to a cluster it rebuilds the request from scratch, so by default only the headers it manages (content type, trace) reach the upstream. For a sidecar/transparent deployment that is too lossy: the client’s own headers (custom routing hints, Authorization, vendor tracing like B3, …) should travel through. This module computes the forwarded set: every client header except the ones that are unsafe to relay verbatim.

Two strip lists:

  • Mandatory (never forwarded, not configurable): hop-by-hop headers (RFC 9110 §7.6.1) plus host and content-length, because the proxy re-frames the request to a different upstream and may rewrite the body, so the client’s framing headers would be wrong.
  • Configured deny (header_forwarding.deny): an operator’s case-insensitive list, e.g. add authorization to keep the client credential from reaching the cluster. Empty by default (pass-all, the sidecar-trust default).

Trace headers (traceparent/tracestate) ride through here like any other client header; whether the proxy overrides them with its own span is decided separately at dispatch (only when span export is on), so a transparent proxy passes the client’s tracing through untouched.
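
A sketch of the computation described above, added here as an example and not the module's own code. `ExamplePolicy`, its field names and the exact mandatory list are assumptions; it also goes one step beyond the page by stripping headers nominated in the client's Connection header, which RFC 9110 §7.6.1 requires of intermediaries.

```rust
use std::collections::HashSet;

// Fields RFC 9110 §7.6.1 lists for removal, plus host/content-length from the page.
// Assumption: the project's exact mandatory list is not shown on the page.
const MANDATORY: &[&str] = &[
    "connection", "proxy-connection", "keep-alive", "te",
    "transfer-encoding", "upgrade", "host", "content-length",
];

/// Hypothetical stand-in for the policy; field names are assumptions.
pub struct ExamplePolicy {
    pub enabled: bool,
    pub deny: Vec<String>,
}

impl ExamplePolicy {
    /// Client headers that may be relayed upstream, in original order.
    pub fn forwarded(&self, client: &[(&str, &str)]) -> Vec<(String, String)> {
        if !self.enabled {
            return Vec::new();
        }
        let mut strip: HashSet<String> = MANDATORY.iter().map(|h| h.to_string()).collect();
        strip.extend(self.deny.iter().map(|h| h.trim().to_ascii_lowercase()));
        // Fields nominated by the Connection header are hop-by-hop as well.
        for (name, value) in client {
            if name.eq_ignore_ascii_case("connection") {
                strip.extend(value.split(',').map(|t| t.trim().to_ascii_lowercase()));
            }
        }
        client.iter()
            .filter(|(name, _)| !strip.contains(&name.to_ascii_lowercase()))
            .map(|(n, v)| (n.to_string(), v.to_string()))
            .collect()
    }
}

/// Constructed sample request, not taken from the page.
pub fn sample_request() -> Vec<(&'static str, &'static str)> {
    vec![
        ("Host", "client.example"), ("Content-Length", "42"),
        ("Connection", "keep-alive, X-Hop-Token"), ("X-Hop-Token", "abc"),
        ("Authorization", "Bearer constructed-token"),
        ("X-B3-TraceId", "constructed-trace-id"), ("traceparent", "constructed-traceparent"),
    ]
}
fn main() {
    let policy = ExamplePolicy { enabled: true, deny: vec!["Authorization".into()] };
    println!("{:?}", policy.forwarded(&sample_request()));
}
```

With an empty deny list the client's Authorization header reaches the upstream, which is the pass-all default the page describes; the deny entry matches regardless of case.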

Structs

ForwardPolicy
The forwarding policy: whether to forward client headers at all, and which to drop on top of the mandatory hop-by-hop/framing set.