[x] In handlersjs-http, add a vary: string[] = [] constructor argument to the HttpHandlerOperation, such that varying headers may be set in the configuration of each operation. Use these vary lists in the RoutedHttpRequestHandler to add a vary: ... header to the response, containing the configured headers. For every WebID registry API endpoint, configure all operations with vary: [ "Accept", "Authorization", "Origin" ], which should result in a vary: Accept, Authorization, Origin response header.
[x] Also in HttpHandlerOperation, add a date header to every response, set to current date and time in UTC. Add a boolean constructor argument addDateHeader: boolean = true, which can switch off this behavior. => added by node response object by default
[x] In HttpHandlerRoute => In HttpRequestResponseHandler, add an optional constructor argument poweredBy: string = "Handlers.js". Use this parameter in RoutedHttpRequestHandler to add a header called x-powered-by to the response. In the use.id configuration, set this to "use.id".
[x] In NodeHttpRequestResponseHandler, add a constructor argument hsts: { maxAge: int; includeSubDomains: boolean } = { maxAge: 7200, includeSubDomains: true }. Use these values to add a strict-transport-security: max-age=x; includeSubDomains header to the response.
also since it will be the commit message later: the PR name should be updated so that it makes more sense for anyone outside of Digita (still a public repo)
Changes (from this TA)
[x] In handlersjs-http, add a vary: string[] = [] constructor argument to the HttpHandlerOperation, such that varying headers may be set in the configuration of each operation. Use these vary lists in the RoutedHttpRequestHandler to add a vary: ... header to the response, containing the configured headers. For every WebID registry API endpoint, configure all operations with vary: [ "Accept", "Authorization", "Origin" ], which should result in a vary: Accept, Authorization, Origin response header.
[x]
Also in HttpHandlerOperation, add a date header to every response, set to current date and time in UTC. Add a boolean constructor argument addDateHeader: boolean = true, which can switch off this behavior.=> added by node response object by default[x]
In HttpHandlerRoute=> In HttpRequestResponseHandler, add an optional constructor argument poweredBy: string = "Handlers.js". Use this parameter in RoutedHttpRequestHandler to add a header called x-powered-by to the response. In the use.id configuration, set this to "use.id".[x] In NodeHttpRequestResponseHandler, add a constructor argument hsts: { maxAge: int; includeSubDomains: boolean }
= { maxAge: 7200, includeSubDomains: true }. Use these values to add a strict-transport-security: max-age=x; includeSubDomains header to the response.