diff --git a/README.md b/README.md index 0ffbbc1f0..55e7b32f6 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ This will install `http-server` globally so that it may be run from the command |`-S`, `--tls` or `--ssl` |Enable secure request serving with TLS/SSL (HTTPS)|`false`| |`-C` or `--cert` |Path to ssl cert file |`cert.pem` | |`-K` or `--key` |Path to ssl key file |`key.pem` | +|`-H` or `--header` |Add extra header to all response | | |`-r` or `--robots` | Automatically provide a /robots.txt (The content of which defaults to `User-agent: *\nDisallow: /`) | `false` | |`--no-dotfiles` |Do not show dotfiles| | |`--mimetypes` |Path to a .types file for custom mimetype definition| | diff --git a/bin/http-server b/bin/http-server index 7c597fa8a..089b367b7 100755 --- a/bin/http-server +++ b/bin/http-server @@ -55,6 +55,7 @@ if (argv.h || argv.help) { ' -S --tls --ssl Enable secure request serving with TLS/SSL (HTTPS)', ' -C --cert Path to TLS cert file (default: cert.pem)', ' -K --key Path to TLS key file (default: key.pem)', + ' -H --header Add extra header to all response, eg. "X-Frame-Options: DENY"', '', ' -r --robots Respond to /robots.txt [User-agent: *\\nDisallow: /]', ' --no-dotfiles Do not show dotfiles', @@ -173,6 +174,16 @@ function listen(port) { } } + var extraHeaders = argv.H || argv.header; + if (extraHeaders) { + if (Array.isArray(extraHeaders)) { + options.extraHeaders = extraHeaders; + } + else { + options.extraHeaders = [extraHeaders]; + } + } + if (tls) { options.https = { cert: argv.C || argv.cert || 'cert.pem', diff --git a/doc/http-server.1 b/doc/http-server.1 index 8e2796e6e..ec305a239 100644 --- a/doc/http-server.1 +++ b/doc/http-server.1 @@ -116,6 +116,10 @@ Path to SSL key file. If not specified, uses key.pem. Passphrase will be read from NODE_HTTP_SERVER_SSL_PASSPHRASE (if set) +.TP +.BI \-H ", " \-\-header " " [\fIHEADER\fR] +Add extra header to all response. + .TP .BI \-r ", " \-\-robots " " [\fIUSER\-AGENT\fR] Respond to /robots.txt request. diff --git a/lib/http-server.js b/lib/http-server.js index dfe4c474c..79b5fa629 100644 --- a/lib/http-server.js +++ b/lib/http-server.js @@ -110,6 +110,13 @@ function HttpServer(options) { } : null)); } + if (options.extraHeaders) { + options.extraHeaders.forEach(function (header) { + var split = header.split(/:(.+)?/); + this.headers[split[0]] = split[1]; + }, this); + } + if (options.robots) { before.push(function (req, res) { if (req.url === '/robots.txt') { diff --git a/test/main.test.js b/test/main.test.js index df4c65b8f..f6ae582ed 100644 --- a/test/main.test.js +++ b/test/main.test.js @@ -30,7 +30,11 @@ test('http-server main', (t) => { corsHeaders: 'X-Test', ext: true, brotli: true, - gzip: true + gzip: true, + extraHeaders: [ + 'Authorization:CustomToken', + 'X-API-Key:VerySecureAndRandomToken' + ] }); server.listen(8080, async () => { try { @@ -63,6 +67,10 @@ test('http-server main', (t) => { // Custom headers t.equal(res.headers['access-control-allow-origin'], '*'); t.equal(res.headers['access-control-allow-credentials'], 'true'); + + // Custom extra headers + t.equal(res.headers['authorization'], 'CustomToken'); + t.equal(res.headers['x-api-key'], 'VerySecureAndRandomToken'); }).catch(err => t.fail(err.toString())), // Get robots