Custom response headers

[jirenius]

Issue

When connecting to resgate, either through HTTP or WebSocket, it should be possible for a service to set http status and headers, such as Set-Cookie headers, in the response.

Notes

• A new optional property meta should be added to the response object of access, call, and auth requests:

  Meta object

  In addition to the result, resource, or error member of a response, the response may contain a meta member which allows the service to specify things like HTTP status and headers set in the HTTP response of a client's HTTP or WebSocket connection. If multiple responses contains overlapping metadata that affects the same connection, the priority of the metadata SHOULD be as follow, listed with the highest priority first:

  • call request
  • access request
  • auth request

  The value is an object with the following members:

  status
  HTTP status code, overriding default HTTP response status code. MAY be omitted.
  SHOULD be ignored if isHttp is not set to true on the request.
  SHOULD be ignored if status codes has no definition for the value.
  MUST be a one of the defined [status codes] MUST be a number.

  header
  HTTP headers to set on the HTTP response. MAY be omitted.
  SHOULD be ignored if isHttp is not set to true on the request.
  MUST be a key/value object, where the key is the canonical format of the MIME header, and the value is an array of strings associated with the key.
  If the header key is "Set-Cookie", the value will be added to any existing values, otherwise it will replace any existing value.

• A new definition for status codes should be added to the specification:

  Status codes

  The status code is a subset of the HTTP status codes. Behavior is only defined for redirection (3XX), client error (4XX), and server error (5XX).
  The gateway MUST respond to the HTTP or WebSocket connection using the given status code, if behavior is defined for it. Otherwise it SHOULD ignore the code and make a fallback to default behavior.

  3XX SHOULD result in an immediate response to the client, without subsequent service requests.
  SHOULD have the "Location" header set if the resource field is not set on the response.
  SHOULD result in no content being sent to the client making the request.

  4XX SHOULD result in an immediate response to the client, without subsequent service requests.
  If error is set on the response, that error value should be sent in the client response.
  If no error is set on the response, the gateway SHOULD respond to the client with an error matching the code.

  5XX SHOULD result in an immediate response to the client, without subsequent service requests.
  If error is set on the response, that error value should be sent in the client response.
  If no error is set on the response, the gateway SHOULD respond to the client with an error matching the code.

• A new member should be added to the access, call, and auth requests:

  isHttp
  Flag telling if the response may contain an http object. May be omitted if the value is false. MUST be a boolean.

• Any meta object will be ignored unless isHttp is true.

• If multiple requests contains http objects in their responses, the priority will be as follow, listed with the highest priority first:

  • call (only for web API)
  • access (only for web API)
  • auth (only if headerAuth or wsHeaderAuth is configured)

• The following headers should be stripped out by resgate: Sec-Websocket-Extensions, Sec-Websocket-Protocol, Access-Control-Allow-Credentials, Access-Control-Allow-Origin, Content-Type

[jirenius]

Resolved in PR #252