I am using Kong Request Transformer plugin to remove Authorization header from the original request.
I have configured plugin with as below:
curl -i -X POST http://kong:8001/routes/my-route/plugins --data “name=request-transformer” --data “config.remove.headers=Authorization”
However it is not removing Authorization header on the upstream.
I have tried to add and remove a random header and it works:
Do you have any other plugins enabled for your Kong configuration? What does your request to Kong looks like?
No, I have disabled the rest of the plugins.
My request is:
curl -i -X POST -H “Authorization: Basic eGk6cGFzc3dvcmQ=” -H “custom-header: test” -H “Content-Type: multipart/related” --url http://kong:8000/my-route-url
Looks like Basic-Authentication plugin has a flag ‘config.hide_credentials’ which will remove the credentials when proxying to upstream.
So after enabling Basic-Authentication plugin and the ‘config.hide_credentials’ flag it works!
May be Request Transformer plugin on purpose not removing the header as it is provided with Basic-Authentication plugin?