clean_authorization

gafaelfawr.auth.clean_authorization(headers)

Remove Gafaelfawr tokens from Authorization headers.

Parameters:

headers (list[str]) – The Authorization headers of an incoming request, as a list (allowing for the case that the incoming request had multiple headers named Authorization).

Returns:

Any remaining Authorization headers after removing headers containing Gafaelfawr tokens.

Return type:

list of str

Notes

We don’t drop all Authorization headers because Gafaelfawr may be stripping tokens for anonymous routes that sit in front of services doing their own authentication, possibly with authentication types we don’t recognize.
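The selective filtering described in the Notes, as an added sketch that is not Gafaelfawr's own code: only headers that carry a token are dropped, and unrecognized schemes or other services' credentials pass through untouched. It assumes a token can be recognized by a `gt-` prefix and may arrive either as a bearer value or in either half of Basic credentials; `strip_token_headers`, `looks_like_token`, `basic_has_token` and `encode_basic` are hypothetical names, and the sample headers are constructed.

```python
import base64
import binascii

TOKEN_PREFIX = "gt-"  # assumption made for this sketch


def looks_like_token(value: str) -> bool:
    """Hypothetical recognizer: treat anything with the prefix as a token."""
    return value.startswith(TOKEN_PREFIX)


def basic_has_token(blob: str) -> bool:
    """True if either half of decoded Basic credentials is a token."""
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # undecodable credentials are left for the backend
    user, _, password = decoded.partition(":")
    return looks_like_token(user) or looks_like_token(password)


def strip_token_headers(headers: list[str]) -> list[str]:
    """Drop headers that carry a token and pass every other header through."""
    kept = []
    for header in headers:
        scheme, _, blob = header.strip().partition(" ")
        scheme, blob = scheme.lower(), blob.strip()
        if scheme == "bearer" and looks_like_token(blob):
            continue
        if scheme == "basic" and basic_has_token(blob):
            continue
        kept.append(header)  # unknown schemes and non-token credentials survive
    return kept


def encode_basic(text: str) -> str:
    """Base64-encode a user:password string for a Basic header."""
    return base64.b64encode(text.encode()).decode()


# Constructed sample values, not real credentials.
SAMPLE_HEADERS = [
    "Bearer gt-constructedkey.constructedsecret",
    "Basic " + encode_basic("gt-constructedkey.constructedsecret:unused"),
    "Basic " + encode_basic("alice:service-password"),
    "Negotiate constructed-blob",
    "Bearer constructed.other.token",
]
```

Run over `SAMPLE_HEADERS`, the first two entries are removed and the last three are returned unchanged for the backend service to evaluate.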