Skip to content

Add an option to add headers to only SSL request responses. #2850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
drgrice1 wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Add an option to add headers to only SSL request responses. #2850

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions conf/webwork2.mojolicious.dist.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,16 @@ JSON_ERROR_LOG: 0
# /pg_files:
# Access-Control-Allow-Origin: '*'

# The extra_ssl_headers option is much like the extra_headers option above,
# except that these headers are only added to responses to secure SSL requests.
# The example below adds the Strict-Transport-Security header to responses to
# all SSL requests. Note that like the extra_headers option above, headers can
# be added to only specific paths as well (but only if the request is secure).

#extra_ssl_headers:
# '.*':
# Strict-Transport-Security: 'max-age=31536000; includeSubDomains; preload'

# The user and group to run the server as. These are only used when the
# webwork2 app is in production mode and run as the root user. This means that
# these settings are not used when proxying via another web server like apache2
Expand Down
19 changes: 15 additions & 4 deletions lib/Mojolicious/WeBWorK.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,13 +100,24 @@ sub startup ($app) {
);

# Add a hook to add extra headers if set in the config file.
if (ref $config->{extra_headers} eq 'HASH') {
if (ref $config->{extra_headers} eq 'HASH' || ref $config->{extra_ssl_headers} eq 'HASH') {
my $extraHeaders = ref $config->{extra_headers} eq 'HASH' ? $config->{extra_headers} : {};
my $extraSSLHeaders = ref $config->{extra_ssl_headers} eq 'HASH' ? $config->{extra_ssl_headers} : {};
$app->hook(
before_dispatch => sub ($c) {
for my $path (keys %{ $config->{extra_headers} }) {
for my $path (keys %$extraHeaders) {
if ($c->req->url->path =~ /^$path/) {
for (keys %{ $config->{extra_headers}{$path} }) {
$c->res->headers->header($_ => $config->{extra_headers}{$path}{$_});
for (keys %{ $extraHeaders->{$path} }) {
$c->res->headers->header($_ => $extraHeaders->{$path}{$_});
}
}
}
if ($c->req->is_secure) {
for my $path (keys %$extraSSLHeaders) {
if ($c->req->url->path =~ /^$path/) {
for (keys %{ $extraSSLHeaders->{$path} }) {
$c->res->headers->header($_ => $extraSSLHeaders->{$path}{$_});
}
}
}
}
Expand Down