Request Header propagation transparently from service A to service B using Envoy filter

I have a Envoy Lua HTTP filter at SIDECAR_INBOUND. The filter received the token in Authorization header and does the signVerify and checks claim. The filter will further generate a new token e.g. sesson-token to be passed to next service in call chain if any. E.g. talking of bookinfo example:
Request(Auth token)-> Istio Ingressgateway -> Filter at productpage ->(new token “session-token”) -> filter at details

The application code at details relies on the new token ( session token) to allow code execution. Even though this is service-to-service communication, I need to have either the original authorization header or the newly generated header session-token to be available to next service in call chain.

I tried using dynamica metadata api of Envoy Lua also but it just forwards the header added in request-handle to make it available in
response_handle only.

I am looking for some Envoy Lua filter mechanism to transparently propagate custom headers from service to service without the application code modification.

Are you sure that the header is making it through ingress gateway? Meaning is the header getting stripped by ingress gateway before the EnvoyFilter at productpage can copy it to a new value? Please share your Lua Filter if possible

Yes. I can see that header in Productpage filter…
kind: EnvoyFilter
name: custom-auth-productpage
namespace: default
app: productpage
version: v1
# The first patch adds the lua filter to the listener/http connection manager

  • applyTo: HTTP_FILTER
    context: SIDECAR_INBOUND
    # portNumber: 9080
    name: “envoy.http_connection_manager”
    name: “envoy.filters.http.wasm”
    operation: INSERT_AFTER # Make it AFTER, if forwardOriginalToken: false in gatewsay jwt
    value: # lua filter specification
    name: envoy.lua
    @type”: “
    inlineCode: |
    uuid = (loadfile “/var/lib/lua/uuid.lua”)() – one-time load of the routines
    kjwt = (loadfile “/var/lib/lua/kjwt.lua”)() – “var.lib.lua.kjwt”
    function envoy_on_request(request_handle)
    local headers = request_handle:headers()
    local auth = headers:get(“Authorization”)