Updated on 2024-11-27 GMT+08:00

HTTP Response Header Management

HTTP response headers are part of the response returned by APIG to a client that calls an API. You can customize HTTP response headers that will be contained in an API response.

  • If your gateway does not support this policy, contact technical support to upgrade the gateway to the latest version.
  • Policy parameters are stored as plaintext. To prevent information leakage, do not include sensitive information in these parameters.

Usage Guidelines

  • You cannot modify the response headers (including x-apig-* and x-request-id) added by APIG or the headers required for CORS.
  • An API can be bound with only one policy of the same type.
  • Policies are independent of APIs. A policy takes effect for an API only after they are bound to each other. When binding a policy to an API, you must specify an environment where the API has been published. The policy takes effect for the API only in the specified environment.
  • After you bind a policy to an API, unbind the policy from the API, or update the policy, you do not need to publish the API again.
  • Taking an API offline does not affect the policies bound to it. The policies are still bound to the API if the API is published again.
  • Policies that have been bound to APIs cannot be deleted.

Creating an HTTP Response Header Management Policy

  1. Go to the APIG console.
  2. Select a dedicated gateway at the top of the navigation pane.
  3. In the navigation pane, choose API Management > API Policies.
  4. On the Policies tab, click Create Policy.
  5. On the Select Policy Type page, select HTTP Response Header Management in the Plug-ins area.
  6. Set the policy information.

    Table 1 HTTP response header parameters

    Parameter: Description

    • Name: Enter a policy name. Following a naming rule makes the policy easier to find later.
    • Type: Fixed as HTTP Response Header Management.
    • Description: Description of the plug-in.
    • Policy Content: Content of the plug-in, which can be configured in a form or using a script.
      • Name: Response header name, which is case-insensitive and must be unique within a plug-in. You can add a maximum of 10 response headers.
      • Value_type: Response header type.
        • system_parameter: Use a system parameter as the value of the response header.
        • custom_value: Use custom content as the value of the response header.
        • String:
      • Value: Value of the response header. This parameter does not take effect and can be left blank if you set Action to Delete.
      • Action: Response header operation. You can override, append, delete, skip, or add response headers.
        • Override
          • The value of this response header will override the value of the same response header that exists in an API response.
          • If an API response contains multiple response headers with the same name, only the value of this response header will be returned.
          • If there is no response header with the same name in an API response, the value of this response header will be returned.
        • Append
          • If an API response contains the specified header, the value you set here will be added after the existing value. The two values will be separated with a comma (,).
          • If an API response contains multiple response headers with the same name, the values of these response headers will be returned separated with commas (,), followed by the value of this response header.
          • If there is no response header with the same name in an API response, the value of this response header will be returned.
        • Delete
          • This response header will be deleted if a response header with the same name exists in an API response.
          • If an API response contains multiple response headers with the same name, all these response headers will be deleted.
        • Skip
          • This response header will be skipped if a response header with the same name exists in an API response.
          • If an API response contains multiple response headers with the same name, values of all these response headers will be returned.
          • If there is no response header with the same name in an API response, the value of this response header will be returned.
        • Add
          • The value of this response header will be returned in an API response even if the response contains a response header with the same name.

  7. Click OK.

    • To clone this policy, click Clone in the Operation column.

      The name of a cloned policy cannot be the same as that of any existing policy.

    • After the policy is created, perform the operations described in Binding the Policy to APIs for the policy to take effect for the API.

Example Script

{
    "response_headers": [
        {
            "name": "test",
            "value": "test",
            "action": "append"
        },
        {
            "name": "test1",
            "value": "test1",
            "action": "override"
        }
    ]
}
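
The action semantics in Table 1, modelled as an added example (not APIG code and not part of the original page): validate checks a policy script against the limits stated above, and apply_policy applies it to a list of backend headers the way the table describes. The function names, the sample policy and the backend headers are constructed for illustration; headers required for CORS are not checked because the page does not list them.

```python
import json

# Constructed sample policy in the page's script format (not from the page).
POLICY = json.loads("""{"response_headers": [
  {"name": "Strict-Transport-Security", "value": "max-age=31536000", "action": "override"},
  {"name": "X-Powered-By", "value": "", "action": "delete"},
  {"name": "Cache-Control", "value": "no-store", "action": "skip"},
  {"name": "Vary", "value": "Origin", "action": "append"},
  {"name": "X-Gateway-Policy", "value": "v1", "action": "add"}]}""")

# Constructed backend response headers, including a duplicated Vary.
BACKEND = [("Vary", "Accept"), ("Vary", "Accept-Encoding"),
           ("X-Powered-By", "Express"), ("Cache-Control", "private")]

RESERVED = ("x-apig-", "x-request-id")  # headers the page says cannot be modified
ACTIONS = {"override", "append", "delete", "skip", "add"}

def validate(policy):
    """Return problems found, using only the limits stated on the page."""
    rules, errors, seen = policy.get("response_headers", []), [], set()
    if len(rules) > 10:
        errors.append("more than 10 response headers")
    for r in rules:
        name = r.get("name", "").lower()  # names are case-insensitive
        if name in seen:
            errors.append(f"duplicate name: {name}")
        seen.add(name)
        if name.startswith(RESERVED):
            errors.append(f"reserved header: {name}")
        if r.get("action") not in ACTIONS:
            errors.append(f"unknown action for {name}")
    return errors

def apply_policy(policy, headers):
    """Apply each rule to backend headers given as (name, value) pairs."""
    out = list(headers)
    for r in policy["response_headers"]:
        name, value, action = r["name"], r.get("value", ""), r["action"]
        same = [v for n, v in out if n.lower() == name.lower()]
        rest = [(n, v) for n, v in out if n.lower() != name.lower()]
        if action == "override":    # one header carrying the policy value
            out = rest + [(name, value)]
        elif action == "append":    # existing values, then policy value, comma-joined
            out = rest + [(name, ",".join(same + [value]))]
        elif action == "delete":    # every same-named header is removed
            out = rest
        elif action == "add" or (action == "skip" and not same):
            out.append((name, value))  # skip only sets the header when it is absent
    return out
```

Running validate before a policy is created or updated catches duplicate names that differ only in case and attempts to touch x-apig-* or x-request-id.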

Binding the Policy to APIs

  1. Click a policy name to go to the policy details page.
  2. Select an environment and click Select APIs.
  3. Select the API group, environment, and required APIs.

    APIs can be filtered by API name or tag. The tag is defined during API creation.

  4. Click OK.

    • If an API no longer needs this policy, click Unbind in the row that contains the API.
    • If there are multiple APIs that no longer need this policy, select these APIs, and click Unbind above the API list. You can unbind a policy from a maximum of 1000 APIs at a time.