bumptech / stud

The Scalable TLS Unwrapping Daemon

Support the addition of a custom header to the client request #123

Open gnotaras opened 11 years ago

gnotaras commented 11 years ago

stud should support the addition of custom headers to the request, so that the backend server has a trusted way to determine whether the request has actually passed through stud or not.

For instance, I'd add a secret key as a value to a custom header in the stud configuration.

X-Secure-Conn-Key: 1234567890

Then, in the backend server I'd check for the existence of my secret header and key and in turn notify the application that the client has connected over a secure channel.

E.g., in Apache, the header could be checked and, if the key matched, the variable HTTPS would be set to on (most web applications use such a variable to determine if the client connection was secure):

SetEnvIf X-Secure-Conn-Key 1234567890 HTTPS=on

I think it would be a useful feature.

PS: My use case is stud<->varnish<->apache<->fastcgi_app
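
The backend-side check described above, as an added example that is not part of the original thread or of stud: a WSGI middleware for the application end of the stud<->varnish<->apache<->fastcgi_app chain. The function and class names are hypothetical, and it assumes a proxy in front adds X-Secure-Conn-Key with the sample key from the post.

```python
import hmac

# Assumptions (not from the thread): the proxy adds X-Secure-Conn-Key, and a
# real deployment loads the secret from configuration instead of source code.
SECRET = "1234567890"              # sample value from the issue text
HEADER = "HTTP_X_SECURE_CONN_KEY"  # WSGI/CGI name of X-Secure-Conn-Key


def came_through_tls_proxy(environ, secret=SECRET):
    """Return True only if the header carries exactly the shared secret."""
    value = environ.get(HEADER)
    if value is None:
        return False
    # Exact, constant-time match. Servers that merge a client-sent copy of the
    # header with the proxy's copy produce "a, b", which fails this check.
    return hmac.compare_digest(value.encode("latin-1", "replace"), secret.encode("latin-1"))


class TrustedTLSHeader:
    """Hypothetical middleware: derive the scheme from the header, then drop it."""
    def __init__(self, app, secret=SECRET):
        self.app, self.secret = app, secret

    def __call__(self, environ, start_response):
        secure = came_through_tls_proxy(environ, self.secret)
        environ.pop(HEADER, None)  # keep the secret out of the app and its logs
        environ["wsgi.url_scheme"] = "https" if secure else "http"
        if secure:
            environ["HTTPS"] = "on"
        else:
            environ.pop("HTTPS", None)
        return self.app(environ, start_response)


def demo(header_value):
    """Pass one constructed request through the middleware; report what the app saw."""
    seen = {}

    def app(environ, start_response):
        seen.update(scheme=environ["wsgi.url_scheme"], https=environ.get("HTTPS"), leaked=HEADER in environ)
        start_response("200 OK", [])
        return [b""]

    environ = {"REQUEST_METHOD": "GET", "wsgi.url_scheme": "http"}  # constructed request
    if header_value is not None:
        environ[HEADER] = header_value
    TrustedTLSHeader(app)(environ, lambda status, headers: None)
    return seen
```

Apache's SetEnvIf treats its second argument as a regular expression, so an unanchored pattern also matches header values that merely contain the key; the comparison here is exact.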

kvdveer commented 11 years ago

If you trust the host where stud is running, you may be able to add the secure key in varnish, by checking the source of the request:

    sub vcl_recv {
        # stud_hosts must be declared as an acl listing the hosts that run stud
        if (client.ip ~ stud_hosts) {
            set req.http.x-secure-conn-key = "1234567890 https=on";
        } else {
            set req.http.x-secure-conn-key = "1234567890 https=off";
        }
    }