Skip to main content

Add or Set Request Headers Policy

The set header policy adds a header to the request in the inbound pipeline. This can be used to set a security header required by the downstream service. For example, if your backend service uses basic authentication you might use this policy to attach the Basic auth header to the request:

{
  "export": "SetHeadersInboundPolicy",
  "module": "$import(@zuplo/runtime)",
  "options": {
    "headers": [
      {
        "name": "Authorization",
        "value": "Basic DIGEST_HERE",
        "overwrite": true
      }
    ]
  }
}

When doing this, you most likely want to set the secret as an environment variable, which can be accessed in the policy as follows

{
  "export": "SetHeadersInboundPolicy",
  "module": "$import(@zuplo/runtime)",
  "options": {
    "headers": [
      {
        "name": "Authorization",
        "value": "$env(BASIC_AUTHORIZATION_HEADER_VALUE)",
        "overwrite": true
      }
    ]
  }
}

And you would set the environment variable BASIC_AUTHORIZATION_HEADER_VALUE to Basic DIGEST_HERE.

Configuration

{
  "name": "my-set-headers-inbound-policy",
  "policyType": "set-headers-inbound",
  "handler": {
    "export": "SetHeadersInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "headers": [
        {
          "name": "HEADER_NAME",
          "value": "HEADER_VALUE",
          "overwrite": true
        }
      ]
    }
  }
}
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be set-headers-inbound.
  • handler/export The name of the exported type. Value should be SetHeadersInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • headers

      An array of name and value objects (with an optional overwrite boolean)

Read more about how policies work