Closed pharrisee closed 6 years ago
@pharrisee Thanks for sharing. Yeah it is informative article.
You have guess it correctly, best spot is OnPreReply
.
My thoughts; discussed headers in the article mostly applicable to proxy server, cache server, etc For e.g. CDN's.
As an application; header originates here. aah has OOTB configs -
server.header
to control header Server
(either remove it or have your custom name) doc reference: https://docs.aahframework.org/app-config.html#section-serversecurity.http_header { ... }
to control Security headers; Exclude header from writing, just put empty string
as a value. doc reference: https://docs.aahframework.org/security-config.html#section-http-header
X-Frame-Options
header, just set security.http_header.xfo = ""
@pharrisee Above information; does it fulfill your need?
@pharrisee I have thought about your idea. A way to manipulate the headers for each request at application level.
Having more flexibility and control of reply in aah framework is important. So I'm planning to add following enhancement in HTTP Engine-
OnHeaderReply
- Called for each reply from aah server. At this point all the headers from aah have been written on the response writer except Header Status
.aah.AppHTTPEngine().OnHeaderReply(HandleHeader)
func HandleHeader(e *aah.Event) {
hdr := e.Data.(http.Header)
// Header instance is direct reference to http.ResponseWritter
// Change reflects immediately :)
//
// logic goes here
}
Converting this issue as Enhancement.
Its done 😄
After reading this:
https://www.fastly.com/blog/headers-we-dont-want
It struck me that there doesn't seem to be a way to remove headers on an app-wide basis.
What would be the best way to achieve this? OnPreReply hook?
Could there be a config option for custom header inclusion and exclusion?