What’s the correct way to remove the authorization header from an incoming request?
I’ve created a RegisterTypedRequestFilter<Authenticate>() but I run up against a System.NotSupportedException when I try to remove and/or set the value for the key HttpHeaders.Authorization.
We’ve run into an issue where the incoming Bearer token gets used to create the initial session within that Authenticate POST. This results in the ability to post a bearer token of User A, while authenticating User B, and the session coming back is a blend of both.
I’d like to strip all auth headers from the authenticate endpoint to ensure the session that gets created is an empty blank session and not based on the incoming bearer token (should one be present).