From 4fbd5f44d587056a187ce3532c004fe3dd812085 Mon Sep 17 00:00:00 2001
From: Sebastien Blot <sebastien@crowdsec.net>
Date: Wed, 13 Mar 2024 11:30:39 +0100
Subject: [PATCH] [appsec] delete api key header before processing the request

---
 pkg/appsec/request.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/appsec/request.go b/pkg/appsec/request.go
index 0479dea471e..5d07d896a25 100644
--- a/pkg/appsec/request.go
+++ b/pkg/appsec/request.go
@@ -320,6 +320,7 @@ func NewParsedRequestFromRequest(r *http.Request, logger *logrus.Entry) (ParsedR
 	delete(r.Header, URIHeaderName)
 	delete(r.Header, VerbHeaderName)
 	delete(r.Header, UserAgentHeaderName)
+	delete(r.Header, APIKeyHeaderName)
 
 	originalHTTPRequest := r.Clone(r.Context())
 	originalHTTPRequest.Body = io.NopCloser(bytes.NewBuffer(body))