Franz Kafka f284f8dbde Add explicit blocked headers list for security ...

- Define blockedHeaders map for headers that should never be forwarded
- Include Referer, Cookie, X-Forwarded-* headers
- Prevents leaking internal URLs, session data, and client IPs to upstream
- Defensive measure even though no headers are currently copied

2026-04-15 06:48:37 +00:00

9.6 MiB

Executable file

Raw History

View raw