diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan
index dfc5e2f319..ff9274e2bb 100644
--- a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan
@@ -97,3 +97,9 @@ prefix "contents";
 'name', 'Strict-Transport-Security',
 'value', 'max-age=15768000'
 ));
+
+"vhosts/keystone/requestheader" = append(dict(
+ 'action', 'set',
+ 'name', 'X-MAGIC-SOMETHING',
+ 'value', '%{MAGIC}xyz'
+ ));
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base
index a112498be6..c30fc80dea 100644
--- a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base
@@ -33,6 +33,7 @@ Base test for keystone wsgi config
 ^ errorlogformat "%\{cu\}t %M"
 ^ customlog /var/log/httpd/keystone_access.log combined
 ^ header add Strict-Transport-Security "max-age=15768000"
+^ requestheader set X-MAGIC-SOMETHING "%\{MAGIC\}xyz"
 ^
 ^ require all granted
 ^
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt
index ede9debb85..ea262015b0 100644
--- a/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt
@@ -1,3 +1,3 @@
 [%- FOREACH header IN desc %]
-header [% IF header.always %]always [% END %][% header.action %] [% header.name %] [% header.quotes %][% header.value %][% header.quotes %]
+[% headermode %]header [% IF header.always %]always [% END %][% header.action %] [% header.name %] [% header.quotes %][% header.value %][% header.quotes %]
 [% END -%]
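Review bot: The fixture value `'%{MAGIC}xyz'` in the new `vhosts/keystone/requestheader` entry is, as far as I can tell, not a format specifier that mod_headers accepts (the documented brace forms are `%{NAME}e` and `%{NAME}s`). The test therefore checks brace escaping, but the rendered directive would probably not pass an Apache config test. Using `'value', '%{MAGIC}e'` here and `"%\{MAGIC\}e"` in the matching line of tests/regexps/keystone/base would keep the fixture a valid directive. There is also no test entry with `always` set, a field the new request-header type inherits from the shared base.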
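Review bot: `[% headermode %]` on the changed line in header.tt is only set when the template is reached through requestheader.tt. On the existing `header` path from vhost.tt it is undefined, and the output depends on Template Toolkit rendering an undefined variable as an empty string. A comment above the FOREACH would make that contract explicit, for example `[%# headermode: optional directive prefix, 'request' when included from requestheader.tt; unset renders plain "header" -%]`. Separately, `header.name` and `header.value` are written verbatim between `header.quotes`, so a value containing that quote character or a line break changes how httpd parses the directive. Now that the template also produces request headers forwarded to the application, constraining those two `string` fields in the schema looks worthwhile, unless existing profiles rely on it for the two-argument `edit` form.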
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/requestheader.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/requestheader.tt
new file mode 100644
index 0000000000..2ae00969aa
--- /dev/null
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/config/requestheader.tt
@@ -0,0 +1 @@
+[% INCLUDE "metaconfig/httpd/config/header.tt" headermode='request' %]
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt
index 313bbc9895..6c1fd079a2 100644
--- a/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt
@@ -15,7 +15,8 @@ limitrequestbody [% vhost.limitrequestbody %]
 protocols [% vhost.protocols.join(' ') %]
 [% END -%]
 [%- to_process = ['ssl', 'nss', 'env', 'aliases', 'rewrite', 'redirect',
- 'perl', 'wsgi', 'log', 'rails', 'browsermatch', 'passenger', 'oidc', 'header'] -%]
+ 'perl', 'wsgi', 'log', 'rails', 'browsermatch', 'passenger',
+ 'oidc', 'header', 'requestheader'] -%]
 [%- FOREACH p IN to_process -%]
 [%- IF vhost.exists(p) -%]
 [% INCLUDE "metaconfig/httpd/config/${p}.tt" desc=vhost.$p %]
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan b/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan
index a6bf46e17e..c9c72b4890 100644
--- a/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan
+++ b/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan
@@ -608,14 +608,23 @@ type httpd_directory = {
 type httpd_vhost_ip = string with is_ip(SELF) || SELF == '*';
-type httpd_header = {
+type httpd_header_base = {
 "name" : string
- "action" : choice('add', 'append', 'echo', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset', 'note')
 "value" : string
 "quotes" : string = '"'
 "always" ? boolean
 };
+type httpd_header = {
+ include httpd_header_base
+ "action" : choice('add', 'append', 'echo', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset', 'note')
+};
+
+type httpd_requestheader = {
+ include httpd_header_base
+ "action" : choice('add', 'append', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset')
+};
+
 type httpd_serveralias = string with match(SELF, '^[\w.*]+$'); # serveralias supports wildcards
 type httpd_vhost = {
@@ -642,6 +651,7 @@ type httpd_vhost = {
 "browsermatch" ? httpd_browsermatch[]
 "passenger" ? httpd_passenger_vhost
 "header" ? httpd_header[]
+ "requestheader" ? httpd_requestheader[]
 "protocols" ? httpd_protocols[]
 };
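Review bot: `httpd_requestheader` inherits `"always" ? boolean` from `httpd_header_base`, but Apache's `RequestHeader` directive takes no `always`/`onsuccess` condition. A profile that sets it would render `requestheader always set …` through the shared header.tt line, and httpd would refuse the generated configuration. Declaring the field only in `httpd_header` (move `"always" ? boolean` out of the base type and place it beside that type's `"action"` line) lets the schema reject the combination at compile time instead of at service reload. The reduced `action` choice for request headers, without `echo` and `note`, matches the directive's documented actions.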