> Given the above, I believe the interpretation of X-F5-Auth-Token should
> be that it is an end-to-end header, and should therefore NOT be removed
> from the proxied request.
>
> The text does say "All other headers *defined by HTTP/1.1* are
> end-to-end headers" (emphasis mine, of course), and the X-F5-Auth-Token
> header isn't defined by HTTP/1.1 (it's a custom one), but I think the
> definition of specific hop-by-hop headers implies that *all* other
> headers should be considered end-to-end.

I don't think that interpretation can be squared with e.g.

https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.1
https://datatracker.ietf.org/doc/html/rfc7230#section-6.1

Reply via email to