Hi all,
Based on the following issue ((mw) global response header transform middleware · Issue #2453 · TykTechnologies/tyk · GitHub) and the corresponding pull request, we should be able to add a global response header for all responses of our API definition using the global_response_headers
configuration and the response_processors
configuration to register the response processor middleware. Currently, we are on version 2.9.1 of the Tyk API Gateway and looking at the code of that version, this functionality should be available (although not documented). However, it does not seem to be working for me and we’re clueless on what we’re missing here. Any ideas?
Our API definition looks like this (we’re trying to add the Strict-Transport-Security
header to all responses):
{
"name":"my-service-v1",
"api_id":"my-service-v1",
"active":true,
"proxy":{
"listen_path":"/my-service/v1/",
"target_url":"http://my-service-v1:8080/",
"strip_listen_path":true
},
"auth":{
"auth_header_name":""
},
"version_data":{
"not_versioned":true,
"versions":{
"Default":{
"name":"Default",
"global_headers":{
"X-Path":"$tyk_context.path",
"X-Request-Id":"$tyk_context.request_id",
"X-Remote-Addr":"$tyk_context.remote_addr"
},
"global_headers_remove":[
"Authorization"
],
"global_response_headers":{
"Strict-Transport-Security":"max-age=31536000; includeSubDomains"
},
"global_response_headers_remove":[
]
}
}
},
"slug":"my-service/v1",
"openid_options":{
"segregate_by_client":false
},
"enable_context_vars":true,
"use_openid":false,
"use_keyless":true,
"global_rate_limit":{
"rate":-1,
"per":-1
},
"response_processors":[
{
"name":"header_injector"
}
]
}
Thanks!