Configure application headers
An application configuration file can define headers specific to the application or service.
You can customize the header information sent in a HTTP request in a number of ways. You can set custom headers by coding them in your Genero application, or you can add customized HTTP headers to the application or service configuration.
Request headers in the application or service configuration can be useful for passing additional information in the request. One use case would be to add special authentication information, such as tokens, to the headers of HTTP requests.
- The HEADER (Common) element defined in the JGAS configuration file (as.xcf). HTTP headers defined here are common to all applications.
- The HEADER (Dedicated) element defined in the application or service configuration file.
HEADER (Common)
A typical use case for common HTTP headers sets the HTTP Strict Transport Security (HSTS) headers
that comply with Open Web Application Security Project (OWASP) recommendations. These headers would apply to all
applications; the best practice recommendation is to set them in the JGAS configuration file. For examples, go to the node
/CONFIGURATION/APPLICATION_SERVER/INTERFACE_TO_CONNECTOR/HTTP in the default
as.xcf ($FGLASDIR/etc/as.xcf).
HEADER (Dedicated)
If you need to add additional headers on a per application or service basis, you can set these
with HEADER (Dedicated) elements in the
HTTP element of the application or service configuration file. The JGAS adds these headers to every
HTTP request to the application or service URL, in addition to the common headers.
In requests to the JGAS where the application URL is not used, the common headers are always sent; however, the JGAS does not send the dedicated headers. Examples of such requests include requests for public resources, such as images (/ua/i), and reports (/ua/report/).