Headers filtered by default
/**
 * List of sensitive headers that are not passed to downstream requests. Defaults to a
 * "safe" set of headers that commonly contain user credentials. It's OK to remove
 * those from the list if the downstream service is part of the same system as the
 * proxy, so they are sharing authentication data. If using a physical URL outside
 * your own domain, then generally it would be a bad idea to leak user credentials.
 */
private Set<String> sensitiveHeaders = new LinkedHashSet<>(
        Arrays.asList("Cookie", "Set-Cookie", "Authorization"));
zuul:
  sensitiveHeaders:
  host:
    socket-timeout-millis: 60000
    connect-timeout-millis: 60000
Explicitly declaring sensitiveHeaders with an empty value makes Zuul's list of filtered headers empty, so the headers are no longer stripped and the cookie is returned normally.
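A narrower alternative to emptying the list globally, shown as an added example that is not from the original page: leave the global default in place and override sensitiveHeaders only on the route that needs cookies. The route names, paths and URLs below are hypothetical.

```yaml
zuul:
  # zuul.sensitiveHeaders is not set here, so the default
  # (Cookie, Set-Cookie, Authorization) still applies to every
  # route that does not override it.
  host:
    socket-timeout-millis: 60000
    connect-timeout-millis: 60000
  routes:
    # Hypothetical route to a service inside the same system as the proxy.
    internal-session:
      path: /session/**
      url: http://session-service.internal:8080
      # Route-level override: only Authorization is stripped,
      # so Cookie and Set-Cookie pass through on this route.
      sensitiveHeaders: Authorization
    # Hypothetical route to a URL outside your own domain.
    partner-api:
      path: /partner/**
      url: https://api.partner.example
      # No override: the default list applies and user credentials
      # are not forwarded to the external host.
```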
Reading a cookie in Spring
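Cookie cookie = WebUtils.getCookie((HttpServletRequest) servletRequest, "your-cookie-name"); // returns null if the cookie is absent
String xxx = (cookie != null) ? cookie.getValue() : null; // avoid a NullPointerException when the cookie is missing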