Thanks Larry, I have opened https://issues.apache.org/jira/browse/KNOX-1017 for this. will update once I'm ready with the patch.
On Tue, Aug 29, 2017 at 5:36 PM, larry mccay <[email protected]> wrote: > Hi Latha - > > I see. > This is a good candidate to add to the WebAppSec Provider: > https://github.com/apache/knox/tree/master/gateway-provider-security- > webappsec/src/main/java/org/apache/hadoop/gateway/webappsec > > This will allow you to set it for all the services in a topology. > > You can use the others in the filter subpackage as an example and you will > need to extend the deployment contributor to take the configuration to > enable that particular filter in the generated webapp. See the > WebAppSecContributor in the deploy subpackage. Add similar config support > and your new filter. > > File a JIRA for it and set the Fix version to 0.14.0 for now and > contribute the patch. > > HTH, > > --larry > > On Tue, Aug 29, 2017 at 7:05 AM, Latha Appanna <[email protected]> > wrote: > >> Hi Larry, >> >> We want to add this header for all services, but if its possible to do >> for a specific service now, please let me know on how we can add it to this >> using a rewrite function? >> >> Thanks, >> Latha >> >> On Tue, Aug 29, 2017 at 10:20 AM, Latha Appanna <[email protected]> >> wrote: >> >>> Hi Larry, >>> >>> >>> We want to have "Strict-Transport-Security" header in knox reponses for >>> all the services being proxied by KNOX for security purpose. Thanks >>> >>> On Mon, Aug 28, 2017 at 5:43 PM, larry mccay <[email protected]> wrote: >>> >>>> Hi Latha - >>>> >>>> I don't believe there is any way to do this currently. >>>> I'd be interested in the usecase where the client is looking for a >>>> header that isn't being returned by the actual service being proxied. >>>> >>>> If it is for a specific service that you need to do this for then we >>>> could potentially look into a rewrite function to add a header. >>>> Then you would add it to the service definition. >>>> >>>> If it is for all services being proxied by Knox then we would need to >>>> look for a central configuration and injection point. >>>> Maybe we could add something in the DefaultDispatch we could >>>> interrogate the GatewayConfig and decide what headers to add. >>>> >>>> thanks, >>>> >>>> --larry >>>> >>>> On Mon, Aug 28, 2017 at 5:36 AM, Latha Appanna <[email protected]> >>>> wrote: >>>> >>>>> I did not find any documentation on how to add a http header in all >>>>> responses from knox, please let me know on how to do it. Thanks >>>>> >>>> >>>> >>> >> >
