Razi Kheir
10/11/2019, 12:36 AMServerFilters.RequestTracing()
.then(ServerFilters.SetContentType(ContentType.APPLICATION_JSON))
.then(logAPIRequestFilter())
.then(ServerFilters.Cors(corsPolicy))
.then(NoCache())
.then(exceptionToErrorResponseFilter())
.then(lensExceptionFilter())
.then(apiHandler)
`
But for some reason cache control headers are not being returned when I curl (both for responses bigger, smaller than 400 (tried also override and writing true, still didn’t return it)Razi Kheir
10/11/2019, 2:35 AMinternal fun setSecurityHeaders() = ResponseFilters.Tap { response ->
response
.header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
.header("X-XSS-Protection", "1; mode=block")
.header("X-Content-Type-Options", "nosniff")
.header("X-Frame-Options", "DENY")
.header("Content-Security-Policy", "frame-ancestors 'none'")
}
object SetSecurityHeaders {
operator fun invoke(): Filter = Filter { next ->
{
next(it).header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
.header("X-XSS-Protection", "1; mode=block")
.header("X-Content-Type-Options", "nosniff")
.header("X-Frame-Options", "DENY")
.header("Content-Security-Policy", "frame-ancestors 'none'")
}
}
}
First one didn’t add headers to response (using Tap on response), second one added.Razi Kheir
10/11/2019, 2:45 AMobject ResponseFilters {
/**
* Adds security headers to response.
*/
object SetSecurityHeaders {
operator fun invoke(): Filter = Filter { next ->
{
next(it)
.header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
.header("X-XSS-Protection", "1; mode=block")
.header("X-Content-Type-Options", "nosniff")
.header("X-Frame-Options", "DENY")
.header("Content-Security-Policy", "frame-ancestors 'none'")
}
}
}
/**
* Adds cache-control headers.
*/
object NoCache {
operator fun invoke(): Filter = Filter { next ->
{
next(it)
.headers(listOf(
"Cache-Control" to "private, no-cache, no-store, must-revalidate",
"Expires" to "0",
"Pragma" to "no-cache",
"Expires" to "0"
))
}
}
}
}
dave
10/11/2019, 7:28 AMCachingFiltersTest
to ensure that it will work in isolation so the only thing I can think it is that one of your other filters was removing/rewriting requests. Can you put together an example or a Gist to show it not working?Razi Kheir
10/11/2019, 7:40 AM