From ebdf749a7da9d7c478d7a920664660a67f038e81 Mon Sep 17 00:00:00 2001
From: johha <45264872+johha@users.noreply.github.com>
Date: Thu, 25 Mar 2021 12:04:30 +0100
Subject: [PATCH] Hide user guid header from client

* X-USER-GUID can be used in nginx access logs
  Consumption in nginx conf: 'user_guid=$upstream_http_x_user_guid'

Co-authored-by: Philipp Thun <philippthun@users.noreply.github.com>
---
 jobs/cloud_controller_ng/templates/nginx.conf.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jobs/cloud_controller_ng/templates/nginx.conf.erb b/jobs/cloud_controller_ng/templates/nginx.conf.erb
index a77297df2e..94fb21fac3 100644
--- a/jobs/cloud_controller_ng/templates/nginx.conf.erb
+++ b/jobs/cloud_controller_ng/templates/nginx.conf.erb
@@ -21,6 +21,8 @@ http {
   access_log  /var/vcap/sys/log/cloud_controller_ng/nginx-access.log main;
   access_log  syslog:server=127.0.0.1,severity=info,tag=vcap_nginx_access main;
 
+  proxy_hide_header X-USER-GUID;  #user guid header should not be forwarded to client
+
   sendfile             on;  #enable use of sendfile()
   sendfile_max_chunk   1M;  #make sure not to block on fast clients reading large files
   tcp_nopush           on;