Add global response header

djairhogeuens · March 2, 2021, 8:05am

Hi all,

Based on the following issue ((mw) global response header transform middleware · Issue #2453 · TykTechnologies/tyk · GitHub) and the corresponding pull request, we should be able to add a global response header for all responses of our API definition using the global_response_headers configuration and the response_processors configuration to register the response processor middleware. Currently, we are on version 2.9.1 of the Tyk API Gateway and looking at the code of that version, this functionality should be available (although not documented). However, it does not seem to be working for me and we’re clueless on what we’re missing here. Any ideas?

Our API definition looks like this (we’re trying to add the Strict-Transport-Security header to all responses):

{
   "name":"my-service-v1",
   "api_id":"my-service-v1",
   "active":true,
   "proxy":{
      "listen_path":"/my-service/v1/",
      "target_url":"http://my-service-v1:8080/",
      "strip_listen_path":true
   },
   "auth":{
      "auth_header_name":""
   },
   "version_data":{
      "not_versioned":true,
      "versions":{
         "Default":{
            "name":"Default",
            "global_headers":{
               "X-Path":"$tyk_context.path",
               "X-Request-Id":"$tyk_context.request_id",
               "X-Remote-Addr":"$tyk_context.remote_addr"
            },
            "global_headers_remove":[
               "Authorization"
            ],
            "global_response_headers":{
               "Strict-Transport-Security":"max-age=31536000; includeSubDomains"
            },
            "global_response_headers_remove":[
               
            ]
         }
      }
   },
   "slug":"my-service/v1",
   "openid_options":{
      "segregate_by_client":false
   },
   "enable_context_vars":true,
   "use_openid":false,
   "use_keyless":true,
   "global_rate_limit":{
      "rate":-1,
      "per":-1
   },
   "response_processors":[
      {
         "name":"header_injector"
      }
   ]
}

Thanks!

leon · March 2, 2021, 1:49pm

Hi!

Global response headers was added as part of Release 3.
Thats why it probably does not work for you.

Thanks.

djairhogeuens · March 2, 2021, 2:54pm

Hm, I had found the code that was added in the pull request for this issue in tag 2.9.1 in the repository. For example:

github.com

TykTechnologies/tyk/blob/2.9.1/apidef/api_definitions.go#L249


      
          	ExpiresTs time.Time `bson:"-" json:"-"`
          	Paths     struct {
          		Ignored   []string `bson:"ignored" json:"ignored"`
          		WhiteList []string `bson:"white_list" json:"white_list"`
          		BlackList []string `bson:"black_list" json:"black_list"`
          	} `bson:"paths" json:"paths"`
          	UseExtendedPaths            bool              `bson:"use_extended_paths" json:"use_extended_paths"`
          	ExtendedPaths               ExtendedPathsSet  `bson:"extended_paths" json:"extended_paths"`
          	GlobalHeaders               map[string]string `bson:"global_headers" json:"global_headers"`
          	GlobalHeadersRemove         []string          `bson:"global_headers_remove" json:"global_headers_remove"`
          	GlobalResponseHeaders       map[string]string `bson:"global_response_headers" json:"global_response_headers"`
          	GlobalResponseHeadersRemove []string          `bson:"global_response_headers_remove" json:"global_response_headers_remove"`
          	IgnoreEndpointCase          bool              `bson:"ignore_endpoint_case" json:"ignore_endpoint_case"`
          	GlobalSizeLimit             int64             `bson:"global_size_limit" json:"global_size_limit"`
          	OverrideTarget              string            `bson:"override_target" json:"override_target"`
          }
          
          
type AuthProviderMeta struct {
          	Name          AuthProviderCode       `bson:"name" json:"name"`
          	StorageEngine StorageEngineCode      `bson:"storage_engine" json:"storage_engine"`
          	Meta          map[string]interface{} `bson:"meta" json:"meta"`

and

github.com

TykTechnologies/tyk/blob/2.9.1/gateway/res_handler_header_injector.go#L48


      
          	if found {
          		hmeta := meta.(*apidef.HeaderInjectionMeta)
          		for _, dKey := range hmeta.DeleteHeaders {
          			res.Header.Del(dKey)
          		}
          		for nKey, nVal := range hmeta.AddHeaders {
          			res.Header.Set(nKey, replaceTykVariables(req, nVal, false))
          		}
          	}
          
          
	// Manage global response header options with versionInfo
          	for _, key := range vInfo.GlobalResponseHeadersRemove {
          		log.Debug("Removing: ", key)
          		res.Header.Del(key)
          	}
          
          
	for key, val := range vInfo.GlobalResponseHeaders {
          		log.Debug("Adding: ", key)
          		res.Header.Set(key, replaceTykVariables(req, val, false))
          	}

So that’s why I concluded that it was already part of v2.9.1 as well. Am I making the wrong conclusion then?

djairhogeuens · March 26, 2021, 8:36am

Anyone has some input on my question above?

zaid · March 26, 2021, 7:00pm

Hello @djairhogeuens those features could have not been enabled then. I will look further into this and confirm. Is there a reason to why you’re using 2.9.1 and not switching to 3.x?

djairhogeuens · March 30, 2021, 12:13pm

I just switched to the latest available version 3.1.2 and this resolved the issue indeed. I had not yet looked into the release notes so I was afraid there would be too much impact but it was flawless

I still find it strange that the 2.9.1 tag already includes this code will it doesn’t work. But at least my problem is solved now.

zaid · March 30, 2021, 6:42pm

Hello @djairhogeuens yes. The code is in there however, it was not enabled at that point.

For future references Tyk has backward and forward compatibility so you should have no problem moving between versions. The only thing you will lose in backward compatibility is the features associated with the versions.

djairhogeuens · April 1, 2021, 9:50pm

Oh thanks @zaid for clarifying that. I was indeed unaware of this and now I understand!