Spring Cloud Gateway - Remove Request Headers from All the routes but one

Question

I am using spring cloud gateway for our application. We have a requirement to remove all the sensitive headers from all the configured routes. I have configured it as follows -

spring:
  cloud:
    gateway:
      default-filters:
        #Remove All the sensitive request headers (Cookie, Set-Cookie & Authorization) while passing request to downstream services
        - RemoveRequestHeader=Cookie
        - RemoveRequestHeader=Set-Cookie
        - RemoveRequestHeader=Authorization

This is working as expected. Now we have requirement to pass Authorization header to only one of the routes. Is there a way to configure this so that I don't have to add 3 RemoveRequestHeader in all the routes?

I have tried to add Authorization request header specifically for one route but it is not working because of ordering of routes. Once the request headers are removed, these can't be re-added.

P.S. - We were using Zuul before migrating to spring cloud gateway & it was possible to do this.

Answer 1

Default filters are all or nothing. To do what you want you need to add the RemoveRequestHeader to each route that needs it, omitting it from those that don't.