Add ability to set arbitrary headers

This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
9 years ago · 39bb999db6
3 changed files with 61 additions and 0 deletions
--- a/headers.go
+++ b/headers.go
@ -0,0 +1,27 @@
+package main
+
+import (
+	"net/http"
+	"strings"
+)
+
+type addheaders struct {
+	h       http.Handler
+	headers []string
+}
+
+func (a addheaders) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	for _, header := range a.headers {
+		headerSplit := strings.SplitN(header, ": ", 2)
+		w.Header().Add(headerSplit[0], headerSplit[1])
+	}
+
+	a.h.ServeHTTP(w, r)
+}
+
+func AddHeaders(headers []string) func(http.Handler) http.Handler {
+	fn := func(h http.Handler) http.Handler {
+		return addheaders{h, headers}
+	}
+	return fn
+}
--- a/server.go
+++ b/server.go
@ -10,6 +10,7 @@ import (
 	"os"
 	"regexp"
 	"strconv"
+	"strings"
 	"time"

 	"github.com/GeertJohan/go.rice"
@ -20,6 +21,17 @@ import (
 	"github.com/zenazn/goji/web/middleware"
 )

+type headerList []string
+
+func (h *headerList) String() string {
+	return strings.Join(*h, ",")
+}
+
+func (h *headerList) Set(value string) error {
+	*h = append(*h, value)
+	return nil
+}
+
 var Config struct {
 	bind                      string
 	filesDir                  string
@ -40,6 +52,7 @@ var Config struct {
 	remoteUploads             bool
 	authFile                  string
 	remoteAuthFile            string
+	addHeaders                headerList
 }

 var Templates = make(map[string]*pongo2.Template)
@ -69,6 +82,7 @@ func setup() *web.Mux {
 		policy: Config.contentSecurityPolicy,
 		frame:  Config.xFrameOptions,
 	}))
+	mux.Use(AddHeaders(Config.addHeaders))

 	if Config.authFile != "" {
 		mux.Use(UploadAuth(AuthOptions{
@ -205,6 +219,8 @@ func main() {
 		"value of Content-Security-Policy header for file access")
 	flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
 		"value of X-Frame-Options header")
+	flag.Var(&Config.addHeaders, "addheader",
+		"Add an arbitrary header to the response. This option can be used multiple times.")

 	iniflags.Parse()

--- a/server_test.go
+++ b/server_test.go
@ -52,6 +52,24 @@ func TestIndex(t *testing.T) {
 	}
 }

+func TestAddHeader(t *testing.T) {
+	Config.addHeaders = []string{"Linx-Test: It works!"}
+
+	mux := setup()
+	w := httptest.NewRecorder()
+
+	req, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	mux.ServeHTTP(w, req)
+
+	if w.Header().Get("Linx-Test") != "It works!" {
+		t.Fatal("Header 'Linx-Test: It works!' not found in index response")
+	}
+}
+
 func TestAuthKeys(t *testing.T) {
 	Config.authFile = "/dev/null"