Reputation: 71
How to remove the response header, such as Access-Control-Allow-Origin, Access-Control-Allow-Credentials
I know that the zuul gateway can be removed by configuration, but how is springcloud-gateway implemented?
zuul: sensitive-headers: Cookie,Set-Cookie ignored-headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Upvotes: 3
Views: 5765
Answers (1)
Reputation: 368
It can be done with RemoveRequestHeaderGatewayFilterFactory or RemoveResponseHeaderGatewayFilterFactory or RemoveHopByHopHeadersFilter.
Please check spring-cloud-gateway guide. Choose a filter that fits your use case.
you can configure like below.
# RemoveHopByHopHeadersFilter
spring.cloud.gateway.filter.remove-hop-by-hop:
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
# RemoveResponseHeaderGatewayFilterFactory
spring:
cloud:
gateway:
routes:
- id: test-route
uri: http://test.org
filters:
- RemoveResponseHeader= Access-Control-Allow-Origin
RemoveHopByHopHeadersFilter is applied to all routes by default. But If you want to apply RemoveRequestHeaderGatewayFilterFactory or RemoveResponseHeaderGatewayFilterFactory to all routes, you have to set spring.cloud.gateway.default-filters property.
Upvotes: 4
Related Questions
- How to set Access-Control-Allow-Origin when using @RestController?
- Set response header in Spring Boot
- Spring Cloud Gateway - Remove Request Headers from All the routes but one
- How to disable or remove Allow response header from OPTIONS?
- How do I remove certain HTTP headers added by Spring's RestTemplate?
- How to Add Spring Security HTTP Response Headers
- Remove HTTP Strict Transport Security (HSTS) response header in spring oauth2 token API
- spring security - how to remove cache control in certain url pattern
- Spring HttpSecurity overwrite response header
- Add headers to oauth/token response (spring-security)