Customizing HTTP headers in the config file (#12485)

* Customizing HTTP headers in the config file * Add changelog, fix bad imports * fixing some bugs * fixing interaction of custom headers and /ui * Defining a member in core to set custom response headers * missing additional file * Some refactoring * Adding automated tests for the feature * Changing some error messages based on some recommendations * Incorporating custom response headers struct into the request context * removing some unused references * fixing a test * changing some error messages, removing a default header value from /ui * fixing a test * wrapping ResponseWriter to set the custom headers * adding a new test * some cleanup * removing some extra lines * Addressing comments * fixing some agent tests * skipping custom headers from agent listener config, removing two of the default headers as they cause issues with Vault in UI mode Adding X-Content-Type-Options to the ui default headers Let Content-Type be set as before * Removing default custom headers, and renaming some function varibles * some refacotring * Refactoring and addressing comments * removing a function and fixing comments
2025-11-01 11:08:10 +00:00 · 2021-10-13 11:06:33 -04:00
parent 3aafbd0e8a
commit e0bfb73815
21 changed files with 1019 additions and 23 deletions
--- a/command/server/config_custom_response_headers_test.go
+++ b/command/server/config_custom_response_headers_test.go
@@ -0,0 +1,109 @@
+package server
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/go-test/deep"
+)
+
+var defaultCustomHeaders = map[string]string{
+	"Strict-Transport-Security": "max-age=1; domains",
+	"Content-Security-Policy":   "default-src 'others'",
+	"X-Vault-Ignored":           "ignored",
+	"X-Custom-Header":           "Custom header value default",
+}
+
+var customHeaders307 = map[string]string{
+	"X-Custom-Header": "Custom header value 307",
+}
+
+var customHeader3xx = map[string]string{
+	"X-Vault-Ignored-3xx": "Ignored 3xx",
+	"X-Custom-Header":     "Custom header value 3xx",
+}
+
+var customHeaders200 = map[string]string{
+	"Someheader-200":  "200",
+	"X-Custom-Header": "Custom header value 200",
+}
+
+var customHeader2xx = map[string]string{
+	"X-Custom-Header": "Custom header value 2xx",
+}
+
+var customHeader400 = map[string]string{
+	"Someheader-400": "400",
+}
+
+var defaultCustomHeadersMultiListener = map[string]string{
+	"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
+	"Content-Security-Policy":   "default-src 'others'",
+	"X-Vault-Ignored":           "ignored",
+	"X-Custom-Header":           "Custom header value default",
+}
+
+var defaultSTS = map[string]string{
+	"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
+}
+
+func TestCustomResponseHeadersConfigs(t *testing.T) {
+	expectedCustomResponseHeader := map[string]map[string]string{
+		"default": defaultCustomHeaders,
+		"307":     customHeaders307,
+		"3xx":     customHeader3xx,
+		"200":     customHeaders200,
+		"2xx":     customHeader2xx,
+		"400":     customHeader400,
+	}
+
+	config, err := LoadConfigFile("./test-fixtures/config_custom_response_headers_1.hcl")
+	if err != nil {
+		t.Fatalf("Error encountered when loading config %+v", err)
+	}
+	if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[0].CustomResponseHeaders); diff != nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+}
+
+func TestCustomResponseHeadersConfigsMultipleListeners(t *testing.T) {
+	expectedCustomResponseHeader := map[string]map[string]string{
+		"default": defaultCustomHeadersMultiListener,
+		"307":     customHeaders307,
+		"3xx":     customHeader3xx,
+		"200":     customHeaders200,
+		"2xx":     customHeader2xx,
+		"400":     customHeader400,
+	}
+
+	config, err := LoadConfigFile("./test-fixtures/config_custom_response_headers_multiple_listeners.hcl")
+	if err != nil {
+		t.Fatalf("Error encountered when loading config %+v", err)
+	}
+	if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[0].CustomResponseHeaders); diff != nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+
+	if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[1].CustomResponseHeaders); diff == nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+	if diff := deep.Equal(expectedCustomResponseHeader["default"], config.Listeners[1].CustomResponseHeaders["default"]); diff != nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+
+	if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[2].CustomResponseHeaders); diff == nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+
+	if diff := deep.Equal(defaultSTS, config.Listeners[2].CustomResponseHeaders["default"]); diff != nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+
+	if diff := deep.Equal(expectedCustomResponseHeader, config.Listeners[3].CustomResponseHeaders); diff == nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+
+	if diff := deep.Equal(defaultSTS, config.Listeners[3].CustomResponseHeaders["default"]); diff != nil {
+		t.Fatalf(fmt.Sprintf("parsed custom headers do not match the expected ones, difference: %v", diff))
+	}
+}