shreemaan-abhishek opened a new pull request, #13433: URL: https://github.com/apache/apisix/pull/13433
### Description When the `opa` plugin is configured with `send_headers_upstream` and the OPA server returns `allow = true` without including one of the configured headers in its response (or without a `headers` field at all), the plugin previously left any incoming request value for that header in place on the upstream call. The intent of `send_headers_upstream` is that the upstream sees only the values OPA returns for those names; the prior behavior diverged from that. This change iterates the configured list and calls `core.request.set_header(ctx, name, value)` for every name in `send_headers_upstream`. When OPA does not return that header, `value` is `nil` and the incoming request header is cleared. The condition no longer short-circuits on a missing `result.headers` field. `t/plugin/opa3.t` covers the case where OPA returns `allow = true` with no `headers` field and a configured header is sent by the client: the upstream must not see the client-supplied value. #### Which issue(s) this PR fixes: Fixes # ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
