Skip to content

Confidential Ledger SDK update SensitiveHeaderCleanupPolicy for CCF redirection change #44915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ryazhang-microsoft merged 10 commits into from
Jan 29, 2026
Merged

Confidential Ledger SDK update SensitiveHeaderCleanupPolicy for CCF redirection change #44915

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
18f5be8
update clinet and test script
ryazhang-microsoft Jan 29, 2026
5e61ec9
remove test script
ryazhang-microsoft Jan 29, 2026
56cc749
add comments
ryazhang-microsoft Jan 29, 2026
94877a6
add change log
ryazhang-microsoft Jan 29, 2026
44d00e6
update redirection policy
ryazhang-microsoft Jan 29, 2026
e58ab67
Merge branch 'main' into ryazhang/update_clien_for_redirection
ryazhang-microsoft Jan 29, 2026
2659ac7
Update CHANGELOG for version 2.0.0b2 release
ryazhang-microsoft Jan 29, 2026
6a0543c
add unit test
ryazhang-microsoft Jan 29, 2026
72ac51d
Update version to 2.0.0b2
ryazhang-microsoft Jan 29, 2026
7b88872
Trigger CI rebuild
ryazhang-microsoft Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions sdk/confidentialledger/azure-confidentialledger/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# Release History

## 2.0.0b2 (Unreleased)

### Bugs Fixed

- Fixed authentication failure on HTTP redirects by preserving sensitive headers during service-managed redirects within the Confidential Ledger endpoint.

## 2.0.0b1 (2025-10-20)

### Features Added
Expand Down
8 changes: 7 additions & 1 deletion sdk/confidentialledger/azure-confidentialledger/azure/confidentialledger/_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,13 @@ def __init__( # pylint: disable=missing-client-constructor-parameter-credential
self._config.custom_hook_policy,
self._config.logging_policy,
policies.DistributedTracingPolicy(**kwargs),
policies.SensitiveHeaderCleanupPolicy(**kwargs) if self._config.redirect_policy else None,
# Redirect cleanup is disabled to preserve authentication and ledger-specific headers
Comment thread
ryazhang-microsoft marked this conversation as resolved.
# on service-managed redirects. Confidential Ledger redirects are expected to stay within
# the same trusted ledger endpoint, so forwarding these sensitive headers is required
# for correct authentication behavior.
Comment thread
ryazhang-microsoft marked this conversation as resolved.
Comment thread
ryazhang-microsoft marked this conversation as resolved.
policies.SensitiveHeaderCleanupPolicy(
disable_redirect_cleanup=True, **kwargs
) if self._config.redirect_policy else None,
Comment thread
ryazhang-microsoft marked this conversation as resolved.
self._config.http_logging_policy,
]
self._client: PipelineClient = PipelineClient(base_url=_endpoint, policies=_policies, **kwargs)
Expand Down
Loading