From 67f72ac5d47e3174f9674215121bb0b5a6cce651 Mon Sep 17 00:00:00 2001
From: Stephan DeSouza <sdesouza@synacor.com>
Date: Wed, 23 Aug 2023 14:59:23 -0400
Subject: [PATCH] ZCS-15830: ZBUG-3469 Drop headers defined in ZBUG-2800.

---
 .../com/zimbra/oauth/utilities/OAuth2ProxyUtilities.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/java/com/zimbra/oauth/utilities/OAuth2ProxyUtilities.java b/src/java/com/zimbra/oauth/utilities/OAuth2ProxyUtilities.java
index 14e3e63..df30e88 100644
--- a/src/java/com/zimbra/oauth/utilities/OAuth2ProxyUtilities.java
+++ b/src/java/com/zimbra/oauth/utilities/OAuth2ProxyUtilities.java
@@ -18,6 +18,7 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.Set;
 
@@ -48,6 +49,7 @@
 import org.apache.http.impl.client.HttpClientBuilder;
 
 import com.zimbra.common.httpclient.HttpClientUtil;
+import com.zimbra.common.localconfig.LC;
 import com.zimbra.common.service.ServiceException;
 import com.zimbra.common.util.ByteUtil;
 import com.zimbra.common.util.ZimbraHttpConnectionManager;
@@ -132,7 +134,8 @@ protected static boolean canProxyHeader(String header) {
             || header.equals("cache-control")
             || header.equals("cookie")
             || header.equals("origin")
-            || header.equals("transfer-encoding"));
+            || header.equals("transfer-encoding")
+            || Arrays.asList(LC.proxy_servlet_drop_headers.value().toString().split(",")).contains(header));
     }
 
     protected static void sendError(HttpServletResponse resp, int statusCode, String code) throws IOException {