spring-cloud/spring-cloud-gateway

Provide an easy method to disable all secure-headers

Open

#2,932 opened on Apr 20, 2023

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Java (3,204 forks)batch import
enhancementhelp wanted

Repository metrics

Stars
 (4,284 stars)
PR merge metrics
 (Avg merge 2d 2h) (15 merged PRs in 30d)

Description

Is your feature request related to a problem? Please describe. Some users want to disable all secure-headers, but the current method requires listing all headers one by one, which is not trivial and not complete in case that in some future a new header is added. Even if that possibility is remote.

Describe the solution you'd like I'd like to be able to disable all in a concise way, my proposal is to provide an all flag like.

spring.cloud.gateway.filter.secure-headers.disable=all

This should not overlap with any other secure header, or just to be sure and make uses well aware of the implications, we could use all-headers.

Describe alternatives you've considered The feature is already possible, as exposed, this is a matter of convenience and future-proof.

Additional context n/a

Contributor guide