diff --git a/docs/docfx/articles/header-guidelines.md b/docs/docfx/articles/header-guidelines.md
index 95209c3d1..8f0d996b7 100644
--- a/docs/docfx/articles/header-guidelines.md
+++ b/docs/docfx/articles/header-guidelines.md
@@ -9,7 +9,7 @@ Headers are a very important part of processing HTTP requests and each have thei
 
 ## YARP header filtering
 
-YARP automatically removes request and response headers that could impact its ability to forward a request correctly, or that may be used maliciously to bypass features of the proxy. A complete list can be found [here](https://github.com/microsoft/reverse-proxy/blob/b0a24521b269c030c50617f9fc56be9b8a3fe247/src/ReverseProxy/Forwarder/RequestUtilities.cs#L65-L81), with some highlights described below.
+YARP automatically removes request and response headers that could impact its ability to forward a request correctly, or that may be used maliciously to bypass features of the proxy. A complete list can be found [here](https://github.com/microsoft/reverse-proxy/blob/main/src/ReverseProxy/Forwarder/RequestUtilities.cs#L63), with some highlights described below.
 
 ### Connection, KeepAlive, Close
 
diff --git a/src/ReverseProxy/Forwarder/RequestUtilities.cs b/src/ReverseProxy/Forwarder/RequestUtilities.cs
index 25f335603..ee21673c6 100644
--- a/src/ReverseProxy/Forwarder/RequestUtilities.cs
+++ b/src/ReverseProxy/Forwarder/RequestUtilities.cs
@@ -60,7 +60,7 @@ internal static bool ShouldSkipResponseHeader(string headerName)
 return _headersToExclude.Contains(headerName);
 }
 
- private static readonly HashSet _headersToExclude = new(17, StringComparer.OrdinalIgnoreCase)
+ private static readonly HashSet _headersToExclude = new(18, StringComparer.OrdinalIgnoreCase)
 {
 HeaderNames.Connection,
 HeaderNames.TransferEncoding,
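Review bot: The `_headersToExclude` declaration appears to be the target of the new docs link `RequestUtilities.cs#L63` on `main`, yet nothing at the field says so, so any line added above it will leave the header-filtering documentation pointing at unrelated code. I would add a comment above the field such as `// Linked by line from docs/docfx/articles/header-guidelines.md; update that link if this moves.` The capacity literal `18` is also a hand-maintained count of the entries. The initializer continues outside this hunk, so the count cannot be confirmed from here.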
@@ -79,6 +79,7 @@ internal static bool ShouldSkipResponseHeader(string headerName)
 HeaderNames.UpgradeInsecureRequests,
 HeaderNames.TE,
 HeaderNames.AltSvc,
+ HeaderNames.StrictTransportSecurity,
 };
 
 // Headers marked as HttpHeaderType.Content in
diff --git a/test/ReverseProxy.Tests/Forwarder/HttpTransformerTests.cs b/test/ReverseProxy.Tests/Forwarder/HttpTransformerTests.cs
index a52331bb5..e07d15e64 100644
--- a/test/ReverseProxy.Tests/Forwarder/HttpTransformerTests.cs
+++ b/test/ReverseProxy.Tests/Forwarder/HttpTransformerTests.cs
@@ -33,6 +33,7 @@ public class HttpTransformerTests
 HeaderNames.UpgradeInsecureRequests,
 HeaderNames.TE,
 HeaderNames.AltSvc,
+ HeaderNames.StrictTransportSecurity,
 };
 
 [Fact]
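Review bot: `HeaderNames.StrictTransportSecurity` is added to `_headersToExclude` with no comment saying why, and this is the set `ShouldSkipResponseHeader` consults, so a destination's HSTS policy will no longer reach clients by default. Deployments that relied on the destination to emit the header lose that browser-side HTTPS enforcement unless the proxy sets it itself, for example with `UseHsts()`. That is presumably the intent, since the policy applies to the host the client connected to. I would add a line comment such as `// HSTS describes the proxy's own host; set it at the proxy, not from the destination.` and a Strict-Transport-Security entry under the highlights in header-guidelines.md, which this commit only re-links. The initializer starts outside this hunk.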