shreemaan-abhishek opened a new pull request, #13491:
URL: https://github.com/apache/apisix/pull/13491

   ### Description
   
   The `dingtalk-auth` plugin sets the `X-Userinfo` request header from the
   verified session, but only when `set_userinfo_header` is `true`. When it is
   `false`, a client-supplied `X-Userinfo` header was left untouched and
   forwarded to the upstream as-is.
   
   This aligns `dingtalk-auth` with the sibling `feishu-auth` plugin, which
   already clears `X-Userinfo` unconditionally at the start of its `rewrite`
   phase. The header is now always cleared first, so the upstream only ever
   receives an `X-Userinfo` value set by APISIX (or none, when
   `set_userinfo_header` is `false`).
   
   A regression test is added covering both `set_userinfo_header` settings.
   
   #### Which issue(s) this PR fixes:
   Fixes #
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
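
The header handling described in this PR, as an added plain-Lua model (not the plugin's code or the PR's diff). A table keyed by lower-cased header name stands in for the request headers; `verified_userinfo`, `rewrite_before`, `rewrite_after` and all sample values are hypothetical.

```lua
-- Added illustration: models the rewrite-phase decision only.
-- None of these helpers are APISIX APIs; values are constructed.

local HEADER = "x-userinfo"
local FORGED = '{"userid":"admin"}'      -- constructed client-supplied value

-- Stand-in for the userinfo taken from the verified session (assumption).
local function verified_userinfo()
    return '{"userid":"u-1001"}'         -- constructed value
end

-- Before the change: the header is written only when the option is on,
-- so with the option off a client-supplied value is forwarded as-is.
local function rewrite_before(conf, headers)
    if conf.set_userinfo_header then
        headers[HEADER] = verified_userinfo()
    end
    return headers
end

-- After the change: always clear first, then set only if configured.
local function rewrite_after(conf, headers)
    headers[HEADER] = nil
    if conf.set_userinfo_header then
        headers[HEADER] = verified_userinfo()
    end
    return headers
end

-- Constructed client request that carries its own X-Userinfo value.
local function client_request()
    return { host = "example.test", [HEADER] = FORGED }
end

-- Check both settings, as the PR's regression test is described as doing.
for _, enabled in ipairs({ true, false }) do
    local conf = { set_userinfo_header = enabled }
    local before = rewrite_before(conf, client_request())[HEADER]
    local after = rewrite_after(conf, client_request())[HEADER]
    print(string.format("set_userinfo_header=%s  before=%s  after=%s",
        tostring(enabled), tostring(before), tostring(after)))
    -- The upstream must never receive the client's value after the change.
    assert(after ~= FORGED, "client-supplied X-Userinfo reached upstream")
    if not enabled then
        assert(before == FORGED)         -- the gap described in the PR
        assert(after == nil)             -- header absent when option is off
    end
end
```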
