Add a test for: auth is required, but Authorization must be deleted.
In order to avoid return(pass) in builtin vcl_recv when req.http.Authorization is present -- if the backends don't need the header, it can be deleted. But we need to make sure that it isn't removed before the auth protocol is executed.
Showing
Please register or sign in to comment