feat: stop sending Cookies header

guardian · Feb 15, 2024 · 8f2d2be · 8f2d2be
1 parent 1f46402
commit 8f2d2be
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/server/apiProxy.ts b/server/apiProxy.ts
@@ -108,12 +108,7 @@ export const proxyApiHandler =
 						Authorization: `Bearer ${req.signedCookies[OAuthAccessTokenCookieName]}`,
 					};
 				default:
-					// TODO: This is legacy code!
-					// We don't want to send literally all cookies to APIs so when
-					// we migrate to Okta tokens entirely we should remove this
-					return {
-						Cookie: getCookiesOrEmptyString(req),
-					};
+					return {};
 			}
 		};