Add or Set Request Headers Policy
The set header policy adds a header to the request in the inbound pipeline. This can be used to set a security header required by the downstream service.
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
{ "name": "my-set-headers-inbound-policy", "policyType": "set-headers-inbound", "handler": { "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "my-custom-header", "value": "test" } ] } } }json
Policy Configuration
name
<string>
- The name of your policy instance. This is used as a reference in your routes.policyType
<string>
- The identifier of the policy. This is used by the Zuplo UI. Value should beset-headers-inbound
.handler.export
<string>
- The name of the exported type. Value should beSetHeadersInboundPolicy
.handler.module
<string>
- The module containing the policy. Value should be$import(@zuplo/runtime)
.handler.options
<object>
- The options for this policy. See Policy Options below.
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
headers
(required)<object[]>
- An array of headers to set in the request. By default, headers will be overwritten if they already exists in the request, specify the overwrite property to change this behavior.name
(required)<string>
- The name of the header.value
(required)<string>
- The value of the header.overwrite
<boolean>
- Overwrite the value if the header is already present in the request. Defaults totrue
.
Using the Policy
An example for using this policy is if your backend service uses basic authentication you might use this policy to attach the Basic auth header to the request:
{ "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "Authorization", "value": "Basic DIGEST_HERE", "overwrite": true } ] } }json
When doing this, you most likely want to set the secret as an environment variable, which can be accessed in the policy as follows
{ "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "Authorization", "value": "$env(BASIC_AUTHORIZATION_HEADER_VALUE)", "overwrite": true } ] } }json
And you would set the environment variable BASIC_AUTHORIZATION_HEADER_VALUE
to
Basic DIGEST_HERE
.
Read more about how policies work