Add Header taken from query parameter - haproxy

In my application to like to do a navigate to a link. Unfortunately, I am not able to add an access token to the Authorization header.
For this reason, I like to add it as a query parameter. When the request is processed in HAProxy I like to retrieve query parameter and add an Authorization header using the parameter value.
I would be very happy if someone has an idea why it is not working;
The following configuration I have added to HAProxy configuration. We testing I notice that the header is added, as it overwrites the Authorization when I add a header for test purpose.
Thanks,
Andreas
http-request set-var(req.token) urlp(token)
http-request set-header Authorization var(req.token)

You're missing %[...] around your set-header fmt expression, namely:
http-request set-var(req.token) urlp(token)
http-request set-header Authorization %[var(req.token)]

Related

Haproxy removing headers when using http-request return code

I am trying to add OPTIONS inside haproxy instead adding it in every rest api. I am using something like this:
acl is_options method OPTIONS
use_backend cors_backend if is_options
backend cors_backend
http-request return status 200
In previous part of haproxy.cfg I added some CORS headers and everything works fine for api calls going to my rest api servers, but when I use cors_backend to send response directly from haproxy, all headers I added above are removed.
Is this expected, is there some way to preserve headers? Maybe it is not good idea to add OPTIONS to haproxy at all

Add a uuid4 header Haproxy

As far as I can tell haproxy doesn't support setting a UUID as a header value, but I'm wondering if there's some method I have overlooked, maybe a lua script that could add a uuid value for a header if the header isn't present?
I have a header parameter x-request-id that is a uuid4 used to uniquely identify requests. This header can be set by the client. However not all clients set the header. Ideally I'd like to add this header in haproxy if it isn't present so the request can be tracked from the edge.
HAProxy 2.1 introduced support for a uuid fetch, which supports uuid4

API Gateway HTTP integration, how do I pass the authorization header?

I'm in "Integration Request". I've set HTTP integration type and the Endpoint URL.
Below, I see "HTTP Headers, but if I try to add an header, there is a strange "mapped from" value I don't understand.
Setting an HTTP Proxy integration add a Mapping template I also don't understand.
I just need to pass the Authorization:xxxx and X-Auth-Username:xxxxx from the original request to the endpoint
Can't find an easy way...
I set HTTP proxy integration and added in the HTTP Headers (and deployed):
method.request.header.Authorization
method.request.header.X-Auth-Username
I also added as required Authoriaxtion and X-Auth-Username in Method request header as required.
But I get an error upon calling the api:
Authorization header requires 'Credential' parameter.
Authorization header requires 'Signature' parameter.
Authorization header requires 'SignedHeaders' parameter.
Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header
Hmmm maybe it's a "naming" problem?
So I changed "authorization" with MyAuthentication in the method request, and after in the integration Header, I mapped Authorization to
method.request.header.MyAuthentication
Now if I call my api with MyAuthorization in the header, I get "Missing Authentication Token", without hitting the api server
Click on 'Method Request' , expand 'HTTP Request Headers' and add a header Authorization . Now go back and click on 'Integration Request' , expand 'HTTP Headers' and add Header Name Authorization and 'Mapped from' method.request.header.Authorization . Basically for any header XYZ on 'Method Request' tab should have corresponding mapping on 'Integration Request' method.request.header.XYZ .
To Correctly use aws API Gateway as a pure http proxy and make it pass the Authorization header as-is to your backend API, you need to do two things:
In the Method Request: Make sure to add the Authorization header to the Http Request Headers section.
With this, AWS does not assume that the Authorization header is of your own implementation and the gateway does not expect it to contain AWS own format of multiple parameters such as SignedHeaders, Signature, X-Amz-Date , etc..
2. In the Integration Request: Make sure to select the Use HTTP Proxy Integration.
This makes sure that the request is being sent to the target as-is and thus the Authorization header not to be consumed and discarded as part of AWS own SigV4 authorization.
The following was correct...I was calling the original api path instead of te api gateway path....
I set HTTP proxy integration and added in the HTTP Headers (and deployed):
method.request.header.Authorization
method.request.header.X-Auth-Username

Rest API/ Soap UI Tool - How to Pass Cookie manually while hitting the end point

I am new to RESTful services testing and got stuck where to establish connection to end point I need to pass Cookie. I have the parameter and Value but not sure how to pass Cookie manually (not through header or Groovy script) while hitting request.
TL;DR
Cookies are nothing but a header with a name cookie and header-value in a format name=value; anothername=anothervalue; yetanotherone=yetanothervalue;, as far as an http-request is concerned
Read On
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie
The Cookie HTTP request header contains stored HTTP cookies previously
sent by the server with the Set-Cookie header.
The Cookie header is optional and may be omitted if, for example, the
browser's privacy settings block cookies.
How to send Cookie
Just like any other header. Only condition is, Header name should be cookie and Header-value should be in name=value; anothername=anothervalue; yetanotherone=yetanothervalue; format.
Curl
curl -v --cookie "USER_TOKEN=my-most-secure-session-id" http://localhost:8080/
If you want your curl to read the cookie file and send it
use curl -c /path/to/cookiefile http://yourhost/
More here : https://curl.haxx.se/docs/http-cookies.html
How to send it using SoapUI
Sending cookie as request header in SOAP UI request for rest web service
Establish User session (Login) using chrome or firefox and goto the developer tab and copy the cookie value and send that along with your soapUI request as a header. (Congrats, you are hijacking your own session)
For any test that you need to pass the cookie around, in soapUI, go to the testcase options and turn on "maintain HTTP session".
http://www.soapui.org/soapui-projects/form-based-authentication.html
This is my google chrome developer tab which shows stackoverflow page's requestheaders
Just send the http header
Cookie: name=value
To the server

Can I programmately set the referer header of a request?

Is there any way, using javascript on a page or in any other way, to forward a user to another page or just make him make a GET request, but the HTTP request he sends to the target page to have a custom referer header?
For example can i do something like
request.setRequestHeader("Referer", "http://www.google.com");
?
I dont think you can do this using Javascript.
The modern browsers will not allow you to fake the Referer header.
make
wget --header='Referer: http://yourtestreferer.com/' http://target.com