openvidu-call: Remove not needed headers

openvidu-call/openvidu-call-back-java/src/main/java/io/openvidu/call/java/services/ProxyService.java

@@ -1,7 +1,9 @@
 package io.openvidu.call.java.services;
 
+import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Arrays;
 import java.util.Enumeration;
 
 import javax.servlet.http.HttpServletRequest;
@@ -9,13 +11,8 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.BufferingClientHttpRequestFactory;
-import org.springframework.http.client.ClientHttpRequestFactory;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.*;
+import org.springframework.http.client.*;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.HttpStatusCodeException;
 import org.springframework.web.client.RestTemplate;
@@ -26,7 +23,7 @@ public class ProxyService {
 
 	@Value("${OPENVIDU_URL}")
 	public String OPENVIDU_URL;
-	
+
 	@Autowired
 	private OpenViduService openviduService;
 
@@ -36,7 +33,7 @@ public class ProxyService {
 		String requestUrl = request.getRequestURI();
 
 		URI uri = UriComponentsBuilder.fromUriString(OPENVIDU_URL).path(requestUrl).query(request.getQueryString()).build(true).toUri();
-		
+
 		HttpHeaders headers = new HttpHeaders();
 		Enumeration<String> headerNames = request.getHeaderNames();
 
@@ -44,14 +41,21 @@ public class ProxyService {
 			String headerName = headerNames.nextElement();
 			headers.set(headerName, request.getHeader(headerName));
 		}
-		
-		headers.add("Authorization", this.openviduService.getBasicAuth());
 
+		headers.add("Authorization", this.openviduService.getBasicAuth());
+		headers.remove("Cookie");
 		headers.remove(HttpHeaders.ACCEPT_ENCODING);
 
 		HttpEntity<String> httpEntity = new HttpEntity<>(null, headers);
 		ClientHttpRequestFactory factory = new BufferingClientHttpRequestFactory(new SimpleClientHttpRequestFactory());
 		RestTemplate restTemplate = new RestTemplate(factory);
+
+		restTemplate.setInterceptors(Arrays.asList((requestIntercept, body, execution) -> {
+			ClientHttpResponse responseIntercept = execution.execute(requestIntercept, body);
+			responseIntercept.getHeaders().remove("set-cookie");
+			return responseIntercept;
+		}));
+
 		try {
 
 			return restTemplate.exchange(uri, HttpMethod.GET, httpEntity,  byte[].class);

openvidu-call/openvidu-call-back/src/controllers/RecordingController.ts

@@ -143,6 +143,7 @@ export const proxyGETRecording = createProxyMiddleware({
 	onProxyReq: (proxyReq, req: Request, res: Response) => {
 		const isAdminDashboard = openviduService.adminTokens.includes(req['session'].token);
 		const sessionId = openviduService.getSessionIdFromCookie(req.cookies);
+		proxyReq.removeHeader('Cookie');
 		if ((!!sessionId && openviduService.isValidToken(sessionId, req.cookies)) || isAdminDashboard) {
 			const recordingId: string = req.params.recordingId;
 			if (!recordingId) {
@@ -155,6 +156,9 @@ export const proxyGETRecording = createProxyMiddleware({
 			return res.status(403).send(JSON.stringify({ message: 'Permissions denied to drive recording' }));
 		}
 	},
+	onProxyRes: (proxyRes, req: Request, res: Response) => {
+		proxyRes.headers['set-cookie'] = null;
+	},
 	onError: (error, req: Request, res: Response) => {
 		console.log(error);
 		const code = Number(error?.message);