Remove auth credential headers from upstream requests to otel collectors (both the legacy and the new one). (!2407) · Merge requests · GitLab.org / opstrace / GitLab Observability Backend

Pawel Rozlach requested to merge prozlach/remove_auth_creds_from_upstream_req into main Jan 11, 2024

We shouldn't be pushing auth headers to upstream servers unless it is strictly necessary. It is a basic security measure in case somebody gains access to the collector itself.

Related to #2595 (closed)

Edited Jan 12, 2024 by Pawel Rozlach

Remove auth credential headers from upstream requests to otel collectors (both the legacy and the new one).

Merge request reports