Currently, user's identity headers are always inserted to downstream
request. For privacy reason, it would be better to not insert these
headers by default, and let user chose whether to include these headers
per=policy basis.
Fixes#702
When switching to envoy, we forgot to adopt the middleware to set
response headers with options.Headers, which causes HSTS header is
missing in v0.9.0 release.
Fixes#901
* config: add RemoveRequestHeaders
Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also a preparation for future PRs to implement disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
* xds: use plain functions, add unit tests for control plane routes
* xds: add test for grpc routes
* xds: add test for pomerium http routes
* xds: add test for policy routes
* xds: use plain functions
* xds: test get all routeable domains
* xds: add build downstream tls context test
* more tests
* test for client cert
* more tests
* envoy: support autocert
* envoy: fallback to http host routing if sni fails to match
* update comment
* envoy: renew certs when necessary
* fix tests
