Contents

Popular

This feature will set security headers for the AMS/AGS Jetty. 

Headers:

Icon

Security headers are directives used by web applications to configure security defenses in web browsers. Based on these directives, browsers can make it harder to exploit client-side vulnerabilities such as Cross-site Scripting or Clickjacking.

HTTP headers are the name or value pairs that are displayed in the request/response messages of message headers for Hypertext Transfer Protocol (HTTP). HTTP headers are an integral part of HTTP requests and responses. In simpler terms, HTTP headers are the code that transfers data between a Web server and a client.

Setting security headers by providing custom values to the default headers enhances the security of HTTP headers.

API Management Server

Configuring Default Headers in eStudio Profile Manager

To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the AMS:

  1. Open the AMS profile from the Profile Management perspective.



  2. Go to APIManager > Fiorano > APIManager > APIJetty > APIManagerJetty and provide the following value in the DefaultHeaders property:



  3. Save the profile (CTRL+S) and start the AMS server.

Testing the response in Fiorano Dashboard

To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:

  1. Login to Fiorano API Dashboard (http://localhost:1981/apimgmt).
  2. Perform an action (like clicking the API Projects tab) that invokes a request.
  3. Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.

  4. In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).

    Icon

    Response Headers values for testHeader1 and testHeader2 attributes reflect the settings in the profile manager configuration.

API Gateway Server

Configuring Default Headers in eStudio Profile Manager

To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the AGS:

  1. Open the AGS profile from the Profile Management perspective.

  2. Go to APIGATEWAY Fiorano APIGateway APIGatewayManager APIGatewayManager and provide the following value in the DefaultResponseHeaders property:



  3. Save the profile (CTRL+S) and start the AGS server.

Testing the response in Fiorano Dashboard

To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:

  1. Login to Fiorano API Dashboard (http://localhost:1981/apimgmt).
  2. Perform an action (like clicking the API Projects tab) that invokes a request.
  3. Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.

  4. In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).

    Icon

    Response Headers values for testHeader1 and testHeader2 attributes reflect the settings in the profile manager configuration.

Adaptavist ThemeBuilder EngineAtlassian Confluence