Laurence 877363a686 Strip session cookie and query param before forwarding to backend ...

- Add stripSessionCookies() to remove session cookies from Cookie header
  - Add stripSessionParam() to remove session exchange query parameter from URL
  - Call both before forwarding request to backend on valid sessions
  - Backend now only receives user identity via Remote-* headers

2026-03-02 16:48:46 +00:00

14 KiB

Raw Blame History

View Raw