Allow providing arbitrary HTTP headers for a uri style destination
#5046
Comments
|
Interesting, this might require to modify the |
|
I'd be down to define this more. When we were working on defining the Destination we did talk about some other things that we might want to bake in there, and one of the use cases was tokens. I not convinced however that we want to expand Destination to include a token (visible to anybody that can see the resources), but maybe a ref to a secret or something, but would be good to define couple of use cases for this and then figure out the best way to implement. |
|
@ctron could you elaborate a bit more on the use-case so we can ensure any security requirements are properly met while integrating this into our apis? |
lberk
added
the
priority/awaiting-more-evidence
|
My concrete use case is Eclipse Ditto in "pre-authenticated" mode: https://www.eclipse.org/ditto/installation-operating.html#pre-authentication That requires to set a custom header I am pretty sure there are other use cases, providing standard or non-standard headers to influence the processing on the server side. Security related or not. |
lberk
added
priority/important-longterm
|
This issue is stale because it has been open for 90 days with no |
github-actions
bot
added
the
lifecycle/stale
Problem
Using a
urias a destination (e.g. in aSequence) the receiving endpoint might be secured and require additional information to allow access.One way to achieve this may be a custom header, which currently cannot be presented as only a URI can be provided.
I guess the same is true when using a
refinstead of auri.Persona:
Event consumer
Exit Criteria
Configure a Sequence with arbitrary additional HTTP headers, check that the receiving endpoint receives these.
Time Estimate (optional):
1
Additional context (optional)
The text was updated successfully, but these errors were encountered: