Policies
Add or Set Request Headers Policy
The set header policy adds a header to the request in the inbound pipeline. This can be used to set a security header required by the downstream service.
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
{ "name": "my-set-headers-inbound-policy", "policyType": "set-headers-inbound", "handler": { "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "my-custom-header", "value": "test" } ] } } }
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
headers<object[]> (Required) -An array of headers to set in the request. By default, headers will be overwritten if they already exists in the request, specify the overwrite property to change this behavior.name<string> (Required) -The name of the header.value<string> (Required) -The value of the header.overwrite<boolean> -Overwrite the value if the header is already present in the request.Defaults totrue.
Using the Policy
An example for using this policy is if your backend service uses basic authentication you might use this policy to attach the Basic auth header to the request:
{ "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "Authorization", "value": "Basic DIGEST_HERE", "overwrite": true } ] } }
When doing this, you most likely want to set the secret as an environment variable, which can be accessed in the policy as follows
{ "export": "SetHeadersInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "headers": [ { "name": "Authorization", "value": "$env(BASIC_AUTHORIZATION_HEADER_VALUE)", "overwrite": true } ] } }
And you would set the environment variable BASIC_AUTHORIZATION_HEADER_VALUE to
Basic DIGEST_HERE.
Read more about how policies work