Customizing HTTP headers in the config file (#12485)
* Customizing HTTP headers in the config file * Add changelog, fix bad imports * fixing some bugs * fixing interaction of custom headers and /ui * Defining a member in core to set custom response headers * missing additional file * Some refactoring * Adding automated tests for the feature * Changing some error messages based on some recommendations * Incorporating custom response headers struct into the request context * removing some unused references * fixing a test * changing some error messages, removing a default header value from /ui * fixing a test * wrapping ResponseWriter to set the custom headers * adding a new test * some cleanup * removing some extra lines * Addressing comments * fixing some agent tests * skipping custom headers from agent listener config, removing two of the default headers as they cause issues with Vault in UI mode Adding X-Content-Type-Options to the ui default headers Let Content-Type be set as before * Removing default custom headers, and renaming some function variables * some refactoring * Refactoring and addressing comments * removing a function and fixing comments
Showing
21 changed files
with
1,019 additions
and
23 deletions.
@@ -0,0 +1,3 @@ | ||
```release-note:feature | ||
**Customizable HTTP Headers**: Add support to define custom HTTP headers for root path (`/`) and also on API endpoints (`/v1/*`) | ||
``` |
@@ -0,0 +1,109 @@ | ||
package server | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/go-test/deep" | ||
) | ||
|
||
var defaultCustomHeaders = map[string]string{ | ||
"Strict-Transport-Security": "max-age=1; domains", | ||
"Content-Security-Policy": "default-src 'others'", | ||
"X-Vault-Ignored": "ignored", | ||
"X-Custom-Header": "Custom header value default", | ||
} | ||
|
||
var customHeaders307 = map[string]string{ | ||
"X-Custom-Header": "Custom header value 307", | ||
} | ||
|
||
var customHeader3xx = map[string]string{ | ||
"X-Vault-Ignored-3xx": "Ignored 3xx", | ||
"X-Custom-Header": "Custom header value 3xx", | ||
} | ||
|
||
var customHeaders200 = map[string]string{ | ||
"Someheader-200": "200", | ||
"X-Custom-Header": "Custom header value 200", | ||
} | ||
|
||
var customHeader2xx = map[string]string{ | ||
"X-Custom-Header": "Custom header value 2xx", | ||
} | ||
|
||
var customHeader400 = map[string]string{ | ||
"Someheader-400": "400", | ||
} | ||
|
||
var defaultCustomHeadersMultiListener = map[string]string{ | ||
"Strict-Transport-Security": "max-age=31536000; includeSubDomains", | ||
"Content-Security-Policy": "default-src 'others'", | ||
"X-Vault-Ignored": "ignored", | ||
"X-Custom-Header": "Custom header value default", | ||
} | ||
|
||
var defaultSTS = map[string]string{ | ||
"Strict-Transport-Security": "max-age=31536000; includeSubDomains", | ||
} | ||
|
||
func TestCustomResponseHeadersConfigs(t *testing.T) { | ||
expectedCustomResponseHeader := map[string]map[string]string{ | ||
"default": defaultCustomHeaders, | ||
"307": customHeaders307, | ||
"3xx": customHeader3xx, | ||
"200": customHeaders200, | ||
"2xx": customHeader2xx, | ||
"400": customHeader400, | ||
} | ||
|
||
config, err := LoadConfigFile("./test-fixtures/config_custom_response_headers_1.hcl") | ||
if err != nil { | ||
t.Fatalf("Error encountered when loading config %+v", err) | ||
} | ||
if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[0].CustomResponseHeaders); diff != nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
} | ||
|
||
func TestCustomResponseHeadersConfigsMultipleListeners(t *testing.T) { | ||
expectedCustomResponseHeader := map[string]map[string]string{ | ||
"default": defaultCustomHeadersMultiListener, | ||
"307": customHeaders307, | ||
"3xx": customHeader3xx, | ||
"200": customHeaders200, | ||
"2xx": customHeader2xx, | ||
"400": customHeader400, | ||
} | ||
|
||
config, err := LoadConfigFile("./test-fixtures/config_custom_response_headers_multiple_listeners.hcl") | ||
if err != nil { | ||
t.Fatalf("Error encountered when loading config %+v", err) | ||
} | ||
if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[0].CustomResponseHeaders); diff != nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
|
||
if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[1].CustomResponseHeaders); diff == nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
if diff := deep.Equal(expectedCustomResponseHeader["default"], config.Listeners[1].CustomResponseHeaders["default"]); diff != nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
|
||
if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[2].CustomResponseHeaders); diff == nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
|
||
if diff := deep.Equal(defaultSTS, config.Listeners[2].CustomResponseHeaders["default"]); diff != nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
|
||
if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[3].CustomResponseHeaders); diff == nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
|
||
if diff := deep.Equal(defaultSTS, config.Listeners[3].CustomResponseHeaders["default"]); diff != nil { | ||
t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff)) | ||
} | ||
} |
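Review bot: In TestCustomResponseHeadersConfigsMultipleListeners the three `diff == nil` checks (on `Listeners[1]`, `[2]` and `[3]`) fire when the maps are equal, yet they report "parsed custom headers do not match the expected ones, difference: <nil>"; the message should state the real expectation, e.g. `t.Fatalf("listener 1 unexpectedly carries the full custom header set")`. In both tests `t.Fatalf(fmt.Sprintf(...))` uses the already formatted text as the format string, so a `%` inside a diffed header value would be re-interpreted; `t.Fatalf("parsed custom headers do not match the expected ones, difference: %v", diff)` is the direct form and makes the `fmt` import unnecessary. The multi-listener test also indexes `config.Listeners[1]` through `[3]` without first checking `len(config.Listeners)`, so a parsing regression would surface as an index panic instead of a readable failure. `X-Vault-Ignored` is expected in the parsed map, which suggests that any dropping of `X-Vault-` headers happens later than config parsing; a one-line comment on `defaultCustomHeaders` saying so would keep readers from reading the name as a contradiction.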
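--- a/command/server/test-fixtures/config_custom_response_headers_1.hcl
+++ b/command/server/test-fixtures/config_custom_response_headers_1.hcl
@@ -0,0 +1,31 @@
+storage "inmem" {}
+listener "tcp" {
+address = "127.0.0.1:8200"
+tls_disable = true
+custom_response_headers {
+"default" = {
+"Strict-Transport-Security" = ["max-age=1","domains"],
+"Content-Security-Policy" = ["default-src 'others'"],
+"X-Vault-Ignored" = ["ignored"],
+"X-Custom-Header" = ["Custom header value default"],
+}
+"307" = {
+"X-Custom-Header" = ["Custom header value 307"],
+}
+"3xx" = {
+"X-Vault-Ignored-3xx" = ["Ignored 3xx"],
+"X-Custom-Header" = ["Custom header value 3xx"]
+}
+"200" = {
+"someheader-200" = ["200"],
+"X-Custom-Header" = ["Custom header value 200"]
+}
+"2xx" = {
+"X-Custom-Header" = ["Custom header value 2xx"]
+}
+"400" = {
+"someheader-400" = ["400"]
+}
+}
+}
+disable_mlock = true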
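Review bot: The fixture depends on two parser behaviours that are only visible by comparing it with the expected maps in the Go test: the list `["max-age=1","domains"]` is expected back as `max-age=1; domains`, and the lower-case key `"someheader-200"` is expected back as `Someheader-200`. A header comment such as `# list values are joined with "; " and header names are canonicalized when parsed` would make that explicit. The values are parser inputs rather than usable policies (`domains` is not an HSTS directive and `'others'` is not a CSP source keyword), and the listener sets `tls_disable = true`, so a second comment line marking them as test-only would keep the file from being copied as a configuration example.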
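--- a/command/server/test-fixtures/config_custom_response_headers_multiple_listeners.hcl
+++ b/command/server/test-fixtures/config_custom_response_headers_multiple_listeners.hcl
@@ -0,0 +1,56 @@
+storage "inmem" {}
+listener "tcp" {
+address = "127.0.0.1:8200"
+tls_disable = true
+custom_response_headers {
+"default" = {
+"Content-Security-Policy" = ["default-src 'others'"],
+"X-Vault-Ignored" = ["ignored"],
+"X-Custom-Header" = ["Custom header value default"],
+}
+"307" = {
+"X-Custom-Header" = ["Custom header value 307"],
+}
+"3xx" = {
+"X-Vault-Ignored-3xx" = ["Ignored 3xx"],
+"X-Custom-Header" = ["Custom header value 3xx"]
+}
+"200" = {
+"someheader-200" = ["200"],
+"X-Custom-Header" = ["Custom header value 200"]
+}
+"2xx" = {
+"X-Custom-Header" = ["Custom header value 2xx"]
+}
+"400" = {
+"someheader-400" = ["400"]
+}
+}
+}
+listener "tcp" {
+address = "127.0.0.2:8200"
+tls_disable = true
+custom_response_headers {
+"default" = {
+"Content-Security-Policy" = ["default-src 'others'"],
+"X-Vault-Ignored" = ["ignored"],
+"X-Custom-Header" = ["Custom header value default"],
+}
+}
+}
+listener "tcp" {
+address = "127.0.0.3:8200"
+tls_disable = true
+custom_response_headers {
+"2xx" = {
+"X-Custom-Header" = ["Custom header value 2xx"]
+}
+}
+}
+listener "tcp" {
+address = "127.0.0.4:8200"
+tls_disable = true
+}
+
+
+disable_mlock = true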
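Review bot: Each of the four listeners stands for a different case, but the file does not say which; judging from the assertions in the Go test, listener 1 omits `Strict-Transport-Security` so that the default is filled in, listener 2 has only a `"default"` block, listener 3 has only `"2xx"`, and listener 4 has no `custom_response_headers` at all. A `#` comment above each `listener "tcp"` block naming its case would make the fixture readable without the test beside it. All four listeners set `tls_disable = true` while the test expects `max-age=31536000; includeSubDomains` in each listener's default set, so it looks as if the default HSTS header is added regardless of TLS; if that is intended, a comment should say so, since browsers only honour the header when it arrives over HTTPS.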