Due to security requirements, I need to remove the x-kong headers from the response by setting KONG_HEADERS=off.
However, I still need to retain the requestId functionality by adding it as a custom header (e.g., request-id) and also including it in plugin logs for debugging purposes.
My Questions:
How can I access the Kong requestId from within my custom plugin?
Is there a recommended way to add this requestId to a custom header while keeping
Hello @shauliriger , thank you for your questions!
Am I right that you’re attempting to keep the Request ID header but omit the latency tokens? If that is the case, perhaps setting KONG_HEADERS=X-Kong-Request-Id (instead of off) would achieve the desired result, could you give that a try?
I appreciate the suggestion. However, my current setup has KONG_HEADERS=off as required by our security guidelines. What I’m specifically trying to achieve is accessing the requestId within my custom plugin. The goal is to log this requestId and add it to the response header under a different name, such as request-id.
Is there a way to access the requestId from within the plugin under these conditions?
This is equivalent to setting KONG_HEADERS=X-Kong-Request-Id, except for the name of the header, because by specifying what header is set, Kong will only inject that one (in this case, the request ID).
The custom plugin may allow specifying advanced logic to decide when to inject the header, but keep in mind that you would be accessing the request ID through an internal module since this is currently not exposed via the PDK, so this interface might change in the future without notice and potentially break your logic.