[ https://issues.apache.org/jira/browse/SCB-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16821813#comment-16821813 ]
YaoHaishi commented on SCB-1263: -------------------------------- Agree with wujimin. Since the EdgeService is facing the request from outside, there is a high risk to allow callers outside to inject value into InvocationContext. If users want to receive InvocationContext in such situation, they can easily achieve it by extending a HttpServerFilter. > forward request in edge should not inherit cse-context > ------------------------------------------------------ > > Key: SCB-1263 > URL: https://issues.apache.org/jira/browse/SCB-1263 > Project: Apache ServiceComb > Issue Type: Task > Components: Java-Chassis > Reporter: wujimin > Assignee: YaoHaishi > Priority: Major > Fix For: java-chassis-1.3.0 > > > to avoid attacker to falsify the credentials of other users -- This message was sent by Atlassian JIRA (v7.6.3#76005)