Document provided information on how to add custom response headers for Integration services, Web apps and identity services.
For Integration and object services Pre/Post processors could be used to add custom request and response headers. Refer Voltmx document : Custom Code for Invoking Object service from Preprocessor or postprocessor - HCL Volt MX Documentation V9.5
Setting headers on Foundry admin console:
NOTE - OnPrem and Single Tenants environments has settings to update response headers.
WebApps :
adminconsole → Settings → Web Apps Configuration
Custom Response Headers shall be in format :
[ {“name”: “Header1”, “value”: “value1”} , {“name”: “Header2”, “value”: “value2”}]
Example : Apply restriction based on parent domain where iFrame/Frame to be rendered :
If the parent domain is https://www.example.com , Content-Security-Policy header will be Content-Security-Policy : frame-ancestors ‘self’ https://www.example.com;
then custom response header shall be [{“name”: “Content-Security-Policy”, “value”: “frame-ancestors ‘self’ https://www.example.com;”}]
Integration services :
adminconsole → Settings → General Configuration
The Service Custom Response Header works only with integration services.
Format of headers : [ {“name”: “Header1”, “value”: “value1”} , {“name”: “Header2”, “value”: “value2”}]
Identity services :
mfconsole->API Management-> Service Configuration
Update Custom Response Headers.
Identity custom response header will be added to all identity services post publish.