Please tell me if this is a feature of ORDS. I'm struggling to find this documented anywhere.
We have a custom PL/SQL package that provides a webservice after validating the AUTHORIZATION header. Apparently on ORDS we no longer need to use PlsqlCGIEnvironmentList to allow headers through to PL/SQL, so I've not specifically configured anything, but I can't see the AUTHORIZATION header via owa_util.get_cgi_env('HTTP_AUTHORIZATION');
I can see other custom headers such as x-forwarded-for which is set by the proxy.
For the record, we figured out the header is there, it no longer requires the HTTP_ prefix to access it. So owa_util.get_cgi_env('AUTHORIZATION') works on ORDS.