header-normalization.cfg.xml
----
<header-normalization xmlns='http://docs.openrepose.org/repose/header-normalization/v1.0'>
<target uri-regex="/servers/(.*)" http-methods="ALL"> (1)
<request> (2) (3)
<whitelist> (4) (5)
<header id="X-Auth-Key"/> (6)
<header id="X-Auth-User"/>
</whitelist>
</request>
<response> (7)
<blacklist> (8)
<header id="X-User-Name"/>
<header id="X-Tenant-Id"/>
</blacklist>
</response>
</target>
<target http-methods="POST PUT"> (9)
<request>
<whitelist>
<header id="X-Modify"/>
</whitelist>
</request>
</target>
<target> (10)
<request>
<blacklist>
<header id="X-PP-User"/>
<header id="X-PP-Groups"/>
</blacklist>
</request>
<response>
<blacklist>
<header id="X-Remove-Me"/>
</blacklist>
</response>
</target>
</header-normalization>
----
<1> Since the http-methods attribute is not specified, this target applies to all http methods (GET, POST, PUT, etc) that match the uri-regex.
<2> Even though both request and response elements are optional, at least one must be specified and both can be.
<3> The following whitelist only applies to the request.
<4> Even though both whitelist and blacklist elements are optional, one and only one must be specified.
<5> A whitelist specifies the only headers that are allowed to continue.
<6> The header element consists of only the required id attribute which defines the case-insensitive name of the header to remove or allow to pass.
<7> The following blacklist will only apply to the response.
<8> A blacklist specifies exactly which headers to not allow to continue.
<9> Since the uri-regex attribute is not specified, this target applies to all POST and PUT requests.
Valid http-methods are: GET, DELETE, POST, PUT, HEAD, OPTIONS, CONNECT, TRACE, and ALL
<10> Since neither the uri-regex nor http-methods are specified, this target applies to all requests and responses that don't match one of the previous targets.