quattor · stdweird · Mar 31, 2025
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/profiles/keystone.pan
@@ -97,3 +97,9 @@ prefix "contents";
     'name', 'Strict-Transport-Security',
     'value', 'max-age=15768000'
     ));
+
+"vhosts/keystone/requestheader" = append(dict(
+    'action', 'set',
+    'name', 'X-MAGIC-SOMETHING',
+    'value', '%{MAGIC}xyz'
+    ));
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base b/ncm-metaconfig/src/main/metaconfig/httpd/2.4/tests/regexps/keystone/base
@@ -33,6 +33,7 @@ Base test for keystone wsgi config
 ^    errorlogformat "%\{cu\}t %M" 
 ^    customlog /var/log/httpd/keystone_access.log combined
 ^    header add Strict-Transport-Security "max-age=15768000"
+^    requestheader set X-MAGIC-SOMETHING "%\{MAGIC\}xyz"
 ^    <directory /usr/bin>
 ^        require all granted
 ^    </directory>

diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/header.tt
@@ -1,3 +1,3 @@
 [%- FOREACH header IN desc %]
-header [% IF header.always %]always [% END %][% header.action %] [% header.name %] [% header.quotes %][% header.value %][% header.quotes %]
+[% headermode %]header [% IF header.always %]always [% END %][% header.action %] [% header.name %] [% header.quotes %][% header.value %][% header.quotes %]
 [% END -%]
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/requestheader.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/requestheader.tt
@@ -0,0 +1 @@
+[% INCLUDE "metaconfig/httpd/config/header.tt" headermode='request' %]
diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt b/ncm-metaconfig/src/main/metaconfig/httpd/config/vhost.tt
@@ -15,7 +15,8 @@ limitrequestbody [% vhost.limitrequestbody %]
 protocols [% vhost.protocols.join(' ') %]
 [% END -%]
 [%- to_process = ['ssl', 'nss', 'env', 'aliases', 'rewrite', 'redirect',
-                  'perl', 'wsgi', 'log', 'rails', 'browsermatch', 'passenger', 'oidc', 'header'] -%]
+                  'perl', 'wsgi', 'log', 'rails', 'browsermatch', 'passenger',
+                  'oidc', 'header', 'requestheader'] -%]
 [%- FOREACH p IN  to_process -%]
 [%-      IF vhost.exists(p) -%]
 [%          INCLUDE "metaconfig/httpd/config/${p}.tt" desc=vhost.$p %]

diff --git a/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan b/ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan
@@ -608,14 +608,23 @@ type httpd_directory = {
 
 type httpd_vhost_ip = string with is_ip(SELF) || SELF == '*';
 
-type httpd_header = {
+type httpd_header_base = {
     "name" : string
-    "action" : choice('add', 'append', 'echo', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset', 'note')
     "value" : string
     "quotes" : string = '"'
     "always" ? boolean
 };
 
+type httpd_header = {
+    include httpd_header_base
+    "action" : choice('add', 'append', 'echo', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset', 'note')
+};
+
+type httpd_requestheader = {
+    include httpd_header_base
+    "action" : choice('add', 'append', 'edit', 'edit*', 'merge', 'set', 'setifempty', 'unset')
+};
+
 type httpd_serveralias = string with match(SELF, '^[\w.*]+$');  # serveralias supports wildcards
 
 type httpd_vhost = {
@@ -642,6 +651,7 @@ type httpd_vhost = {
     "browsermatch" ? httpd_browsermatch[]
     "passenger" ? httpd_passenger_vhost
     "header" ? httpd_header[]
+    "requestheader" ? httpd_requestheader[]
     "protocols" ? httpd_protocols[]
 };
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[% INCLUDE "metaconfig/httpd/config/header.tt" headermode='request' %]