This feature sets security headers for the API Management Server (AMS) and API Gateway Server (AGS) Jetty servers.

Headers:

Security headers are directives used by web applications to configure security defenses in web browsers. Based on these directives, browsers can make it harder to exploit client-side vulnerabilities such as Cross-site Scripting or Clickjacking.

HTTP headers are the name/value pairs carried in the header section of Hypertext Transfer Protocol (HTTP) request and response messages. They are an integral part of every HTTP request and response. In simpler terms, HTTP headers carry additional information between a web server and a client alongside the data being transferred.

Providing custom values for the default headers lets you set security headers on the server's HTTP responses, which strengthens the security of those responses.

API Management Server

Configuring Default Headers in eStudio Profile Manager

...

  1. Open the AMS profile from the Profile Management perspective.



  2. Go to APIManager > Fiorano > APIManager > APIJetty > APIManagerJetty and provide the following value in the DefaultHeaders property:

    testHeader1: testValue1:::testHeader2: testValue2


     


  3. Save the profile (CTRL+S) and start the AMS server.

...

  1. Log in to the Fiorano API Dashboard (http://localhost:1981/apimgmt).
  2. Perform an action (like clicking the API Projects tab) that invokes a request.
  3. Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.
  4. In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).

    Tip

    The Response Headers values for testHeader1 and testHeader2 reflect the settings made in the Profile Manager configuration.

API Gateway Server

Configuring Default Headers in eStudio Profile Manager

To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the AGS:

  1. Open the AGS profile from the Profile Management perspective.

  2. Go to APIGATEWAY > Fiorano > APIGateway > APIGatewayManager > APIGatewayManager and provide the following value in the DefaultResponseHeaders property:

    testHeader1: testValue1:::testHeader2: testValue2


  3. Save the profile (CTRL+S) and start the AGS server.

Testing the response in Fiorano Dashboard

To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:

  1. Log in to the Fiorano API Dashboard (http://localhost:1981/apimgmt).
  2. Perform an action (like clicking the API Projects tab) that invokes a request.
  3. Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.
  4. In the Network tab of the browser developer tool, click the name corresponding to the request made (here, apiProjectEvents).

    Tip

    The Response Headers values for testHeader1 and testHeader2 reflect the settings made in the Profile Manager configuration.
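
A way to check a DefaultHeaders or DefaultResponseHeaders value before saving the profile, and to compare it with the response headers copied from the Network tab. This is an added example, not Fiorano code: it assumes entries are separated by `:::` as in the sample value above and that each entry splits into name and value at its first colon; the function names and the sample header values are constructed for illustration.

```python
# Assumption: entries are joined with ":::" (as in the page's sample value) and
# each entry is "Name: Value", split at the FIRST colon so values may contain ":".
SEPARATOR = ":::"


def parse_default_headers(prop: str) -> dict[str, str]:
    """Parse 'Name: Value:::Name2: Value2' into {name: value}; reject bad entries."""
    headers: dict[str, str] = {}
    for entry in prop.split(SEPARATOR):
        if not entry.strip():
            continue  # tolerate a trailing separator
        name, sep, value = entry.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            raise ValueError(f"malformed entry: {entry!r}")
        # Whitespace in a name or CR/LF in a value would corrupt the response.
        if any(c in name for c in " \t\r\n") or "\r" in value or "\n" in value:
            raise ValueError(f"illegal character in entry: {entry!r}")
        if name.lower() in (h.lower() for h in headers):
            raise ValueError(f"duplicate header: {name}")
        headers[name] = value
    return headers


def diff_against_response(prop: str, response_headers: dict[str, str]) -> dict[str, str]:
    """Return {header: problem} for configured headers the response lacks or alters."""
    seen = {k.lower(): v.strip() for k, v in response_headers.items()}
    problems: dict[str, str] = {}
    for name, expected in parse_default_headers(prop).items():
        actual = seen.get(name.lower())  # header names are case-insensitive
        if actual is None:
            problems[name] = "missing"
        elif actual != expected:
            problems[name] = f"expected {expected!r}, got {actual!r}"
    return problems


# Constructed sample: a property value and headers as copied from the Network tab.
PROP = ("X-Frame-Options: DENY:::X-Content-Type-Options: nosniff:::"
        "Content-Security-Policy: default-src 'self' https://cdn.example.com")
RESPONSE = {"x-frame-options": "DENY",
            "Content-Security-Policy": "default-src 'self' https://cdn.example.com"}

if __name__ == "__main__":
    print(diff_against_response(PROP, RESPONSE))
```

A value that itself contains `:::` cannot be expressed under this assumed format and would be split into separate entries.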
