Misinterpretation of Input
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-115: Misinterpretation of Input |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
When `httputil.ReverseProxy` is used with a custom `Director` function in Go, headers that the Director adds can be unintentionally removed before the request is sent. Using `ReverseProxy.Rewrite` instead ensures the headers are preserved as intended.
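A regression test makes the difference concrete: per the `net/http/httputil` documentation, hop-by-hop headers (including any the request's `Connection` header names) are stripped after `Director` returns but before `Rewrite` is called. The following is an added example, not code from the rule or from the Go project; the `X-Auth-User` header, the `backend.internal` host, the `alice` value and all helper names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

const authHeader = "X-Auth-User"                                 // hypothetical header the backend trusts
var backend = &url.URL{Scheme: "http", Host: "backend.internal"} // constructed target

type capture struct{ seen http.Header } // stand-in backend: records outbound headers

func (c *capture) RoundTrip(r *http.Request) (*http.Response, error) {
	c.seen = r.Header.Clone()
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: r}, nil
}

// directorProxy sets the header in Director, which runs before hop-by-hop removal.
func directorProxy() *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Director: func(r *http.Request) {
		r.URL.Scheme, r.URL.Host = backend.Scheme, backend.Host
		r.Header.Set(authHeader, "alice")
	}}
}

// rewriteProxy sets the header in Rewrite, which runs after hop-by-hop removal.
func rewriteProxy() *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Rewrite: func(pr *httputil.ProxyRequest) {
		pr.SetURL(backend)
		pr.Out.Header.Set(authHeader, "alice")
	}}
}

// forwarded proxies one constructed request and returns the authHeader value the backend would see.
func forwarded(p *httputil.ReverseProxy, connection string) string {
	c := &capture{}
	p.Transport = c
	req := httptest.NewRequest("GET", "http://proxy.example/", nil)
	req.Header.Set("Connection", connection)
	p.ServeHTTP(httptest.NewRecorder(), req)
	return c.seen.Get(authHeader)
}

func main() {
	fmt.Printf("Director: %q\n", forwarded(directorProxy(), authHeader))
	fmt.Printf("Rewrite:  %q\n", forwarded(rewriteProxy(), authHeader))
}
```

Keeping a check like `forwarded(...)` in the proxy's test suite catches a later refactor that moves header injection back into `Director`.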
Impact
If headers set by the Director are dropped, important context or security controls (such as authentication or tracing headers) may be lost, potentially leading to failed requests or allowing attackers to bypass security checks relying on those headers.