https://kotlinlang.org logo
Join Slack
Powered by
Another question, I have the following filters set...
# http4k
r
Another question, I have the following filters set up on my handler:
Copy code
ServerFilters.RequestTracing()
      .then(ServerFilters.SetContentType(ContentType.APPLICATION_JSON))
            .then(logAPIRequestFilter())
            .then(ServerFilters.Cors(corsPolicy))
            .then(NoCache())
            .then(exceptionToErrorResponseFilter())
            .then(lensExceptionFilter())
            .then(apiHandler)
`
But for some reason cache control headers are not being returned when I curl (both for responses bigger, smaller than 400 (tried also override and writing true, still didn’t return it)
Also
Copy code
internal fun setSecurityHeaders() = ResponseFilters.Tap { response ->
    response
        .header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
        .header("X-XSS-Protection", "1; mode=block")
        .header("X-Content-Type-Options", "nosniff")
        .header("X-Frame-Options", "DENY")
        .header("Content-Security-Policy", "frame-ancestors 'none'")
}

object SetSecurityHeaders {
    operator fun invoke(): Filter = Filter { next ->
        {
            next(it).header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
                .header("X-XSS-Protection", "1; mode=block")
                .header("X-Content-Type-Options", "nosniff")
                .header("X-Frame-Options", "DENY")
                .header("Content-Security-Policy", "frame-ancestors 'none'")
        }
    }
}
First one didn’t add headers to response (using Tap on response), second one added.
Ended up added these headers like this:
Copy code
object ResponseFilters {

    /**
     * Adds security headers to response.
     */
    object SetSecurityHeaders {
        operator fun invoke(): Filter = Filter { next ->
            {
                next(it)
                    .header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
                    .header("X-XSS-Protection", "1; mode=block")
                    .header("X-Content-Type-Options", "nosniff")
                    .header("X-Frame-Options", "DENY")
                    .header("Content-Security-Policy", "frame-ancestors 'none'")
            }
        }
    }

    /**
     * Adds cache-control headers.
     */
    object NoCache {
        operator fun invoke(): Filter = Filter { next ->
            {
                next(it)
                    .headers(listOf(
                        "Cache-Control" to "private, no-cache, no-store, must-revalidate",
                        "Expires" to "0",
                        "Pragma" to "no-cache",
                        "Expires" to "0"
                    ))
            }
        }
    }
}
d
A couple of things here: 1. Does the last message above mean that you are unblocked? 2. Remember that Requests and Responses in http4k are immutable. This means that a Tap filter cannot be used to modify the request. For info on what a Tap is, see here: http://bluebirdjs.com/docs/api/tap.html 3. I'm not sure why the NoCache filter wasn't working for you - we do have tests see 
CachingFiltersTest
to ensure that it will work in isolation so the only thing I can think it is that one of your other filters was removing/rewriting requests. Can you put together an example or a Gist to show it not working?
r
I’m unblocked yes 🙂 Thanks for the info as always 🙂
2 Views
Open in Slack
PreviousNext
Powered by