Global Header Rules
Define header rules and execute them in order. The gateway uses forward, insert, rename_duplicate or remove rules to manage headers for subgraphs:
[[headers]]
rule = "forward"
name = "authorization"
[[headers]]
rule = "forward"
name = "x-custom-header"
rename = "y-custom-header"
[[headers]]
rule = "forward"
name = "x-possible-empty"
default = "default-value"Forward multiple headers by using a regular expression.
The engine matches headers in lowercase. Write your regular expression in lowercase, or add a flag to match both lowercase and uppercase letters.
[[headers]]
rule = "forward"
pattern = "^x-custom*"Use the insert rule to add header values:
[[headers]]
rule = "insert"
name = "authorization"
value = "Bearer secret-token"Insert header values from environment variables:
[[headers]]
rule = "insert"
name = "authorization"
value = "Bearer {{ env.AUTHORIZATION_TOKEN }}"Use the remove rule to block header forwarding for headers that match patterns:
[[headers]]
rule = "remove"
name = "x-custom-secret"The rename_duplicate rule forwards the defined header value and copies the value with the specified rename to the subgraphs.
[[headers]]
rule = "rename_duplicate"
name = "x-custom-value"
default = "the value was missing"
rename = "y-custom-value"The gateway forwards two headers to the subgraph with the same value - one named x-custom-value and one named y-custom-value. When a request is missing the x-custom-value header, and you define a default value, the gateway creates both headers using that default value. If you omit the default, the gateway doesn't forward the header or create a duplicate.
These headers don't use header rules:
AcceptAccept-CharsetAccept-EncodingAccept-RangesConnectionContent-LengthContent-TypeKeep-AliveProxy-AuthenticateProxy-AuthorizationTETrailerTransfer-EncodingUpgrade