Added global HTTP response headers configuration. Resolves #3788.

Author: kashimiz

src/WebJobs.Script.WebHost/Configuration/CustomHttpHeadersOptions.cs

@@ -0,0 +1,14 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Configuration
+{
+    /// <summary>
+    /// Gets or sets the list of headers to add to every HTTP response.
+    /// </summary>
+    public class CustomHttpHeadersOptions : Dictionary<string, string>
+    {
+    }
+}

src/WebJobs.Script.WebHost/Configuration/CustomHttpHeadersOptionsSetup.cs

@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using Microsoft.Azure.WebJobs.Script.Configuration;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Configuration
+{
+    internal class CustomHttpHeadersOptionsSetup : IConfigureOptions<CustomHttpHeadersOptions>
+    {
+        private readonly IConfiguration _configuration;
+
+        public CustomHttpHeadersOptionsSetup(IConfiguration configuration)
+        {
+            _configuration = configuration;
+        }
+
+        public void Configure(CustomHttpHeadersOptions options)
+        {
+            IConfigurationSection jobHostSection = _configuration.GetSection(ConfigurationSectionNames.JobHost);
+            var httpGlobalSection = jobHostSection.GetSection(ConfigurationSectionNames.CustomHttpHeaders);
+            httpGlobalSection.Bind(options);
+        }
+    }
+}

src/WebJobs.Script.WebHost/Middleware/CustomHttpHeadersMiddleware.cs

@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Script.Middleware;
+using Microsoft.Azure.WebJobs.Script.WebHost.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Middleware
+{
+    public class CustomHttpHeadersMiddleware : IJobHostHttpMiddleware
+    {
+        private readonly CustomHttpHeadersOptions _hostOptions;
+
+        public CustomHttpHeadersMiddleware(IOptions<CustomHttpHeadersOptions> hostOptions)
+        {
+            _hostOptions = hostOptions.Value;
+        }
+
+        public async Task Invoke(HttpContext context, RequestDelegate next)
+        {
+            await next(context);
+
+            foreach (var header in _hostOptions)
+            {
+                context.Response.Headers.TryAdd(header.Key, header.Value);
+            }
+        }
+    }
+}

src/WebJobs.Script.WebHost/WebScriptHostBuilderExtension.cs

@@ -12,6 +12,7 @@
 using Microsoft.Azure.WebJobs.Script.WebHost.DependencyInjection;
 using Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics;
 using Microsoft.Azure.WebJobs.Script.WebHost.Management;
+using Microsoft.Azure.WebJobs.Script.WebHost.Middleware;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Hosting;
@@ -33,6 +34,7 @@ public static IHostBuilder AddWebScriptHost(this IHostBuilder builder, IServiceP
                     // register default configuration
                     // must happen before the script host is added below
                     services.ConfigureOptions<HttpOptionsSetup>();
+                    services.ConfigureOptions<CustomHttpHeadersOptionsSetup>();
                     services.ConfigureOptions<HostHstsOptionsSetup>();
 
                     // Add logging service early.
@@ -79,6 +81,7 @@ public static IHostBuilder AddWebScriptHost(this IHostBuilder builder, IServiceP
                     services.TryAddSingleton<IScriptWebHookProvider>(p => p.GetService<DefaultScriptWebHookProvider>());
                     services.TryAddSingleton<IWebHookProvider>(p => p.GetService<DefaultScriptWebHookProvider>());
                     services.TryAddSingleton<IJobHostMiddlewarePipeline, DefaultMiddlewarePipeline>();
+                    services.TryAddSingleton<IJobHostHttpMiddleware, CustomHttpHeadersMiddleware>();
                     services.TryAddSingleton<IJobHostHttpMiddleware, HstsConfigurationMiddleware>();
 
                     // Make sure the registered IHostIdProvider is used

src/WebJobs.Script/Config/ConfigurationSectionNames.cs

@@ -15,5 +15,6 @@ public static class ConfigurationSectionNames
         public const string ManagedDependency = "managedDependency";
         public const string Http = "http";
         public const string Hsts = Http + ":hsts";
+        public const string CustomHttpHeaders = Http + ":customHeaders";
     }
 }

test/WebJobs.Script.Tests.Integration/Middleware/CustomHeadersMiddlewareCSharpEndToEndTests.cs

@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.Azure.WebJobs.Script.Rpc;
+using Xunit;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests.Middleware
+{
+    public class CustomHeadersMiddlewareCSharpEndToEndTests :
+        CustomHeadersMiddlewareEndToEndTestsBase<CustomHeadersMiddlewareCSharpEndToEndTests.TestFixture>
+    {
+        public CustomHeadersMiddlewareCSharpEndToEndTests(TestFixture fixture) : base(fixture)
+        {
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareRootUrl()
+        {
+            return CustomHeadersMiddlewareRootUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareAdminUrl()
+        {
+            return CustomHeadersMiddlewareAdminUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareHttpTriggerUrl()
+        {
+            return CustomHeadersMiddlewareHttpTriggerUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareExtensionWebhookUrl()
+        {
+            return CustomHeadersMiddlewareExtensionWebhookUrlTest();
+        }
+
+        public class TestFixture : CustomHeadersMiddlewareTestFixture
+        {
+            private const string ScriptRoot = @"TestScripts\CustomHeadersMiddleware\CSharp";
+
+            public TestFixture() : base(ScriptRoot, "csharp", LanguageWorkerConstants.DotNetLanguageWorkerName)
+            {
+            }
+        }
+    }
+}

test/WebJobs.Script.Tests.Integration/Middleware/CustomHeadersMiddlewareEndToEndTestsBase.cs

@@ -0,0 +1,99 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.Azure.WebJobs.Script.Models;
+using Xunit;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests.Middleware
+{
+    public abstract class CustomHeadersMiddlewareEndToEndTestsBase<TTestFixture> :
+        EndToEndTestsBase<TTestFixture> where TTestFixture : CustomHeadersMiddlewareTestFixture, new()
+    {
+        public CustomHeadersMiddlewareEndToEndTestsBase(TTestFixture fixture) : base(fixture)
+        {
+        }
+
+        protected async Task CustomHeadersMiddlewareRootUrlTest()
+        {
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, string.Empty);
+
+            HttpResponseMessage response = await Fixture.Host.HttpClient.SendAsync(request);
+            response.EnsureSuccessStatusCode();
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            IEnumerable<string> values;
+            Assert.True(response.Headers.TryGetValues("X-Content-Type-Options", out values));
+            Assert.Equal("nosniff", values.FirstOrDefault());
+        }
+
+        protected async Task CustomHeadersMiddlewareAdminUrlTest()
+        {
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "admin/host/ping");
+
+            HttpResponseMessage response = await Fixture.Host.HttpClient.SendAsync(request);
+            response.EnsureSuccessStatusCode();
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            IEnumerable<string> values;
+            Assert.True(response.Headers.TryGetValues("X-Content-Type-Options", out values));
+            Assert.Equal("nosniff", values.FirstOrDefault());
+        }
+
+        protected async Task CustomHeadersMiddlewareHttpTriggerUrlTest()
+        {
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "api/HttpTrigger");
+
+            HttpResponseMessage response = await Fixture.Host.HttpClient.SendAsync(request);
+            response.EnsureSuccessStatusCode();
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            IEnumerable<string> values;
+            Assert.True(response.Headers.TryGetValues("X-Content-Type-Options", out values));
+            Assert.Equal("nosniff", values.FirstOrDefault());
+        }
+
+        protected async Task CustomHeadersMiddlewareExtensionWebhookUrlTest()
+        {
+            var secrets = await Fixture.Host.SecretManager.GetHostSecretsAsync();
+            var url = $"/runtime/webhooks/durableTask/instances?taskHub=MiddlewareTestHub&code={secrets.MasterKey}";
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
+
+            HttpResponseMessage response = await Fixture.Host.HttpClient.SendAsync(request);
+            response.EnsureSuccessStatusCode();
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            IEnumerable<string> values;
+            Assert.True(response.Headers.TryGetValues("X-Content-Type-Options", out values));
+            Assert.Equal("nosniff", values.FirstOrDefault());
+        }
+    }
+
+    public abstract class CustomHeadersMiddlewareTestFixture: EndToEndTestFixture
+    {
+        protected override ExtensionPackageReference[] GetExtensionsToInstall()
+        {
+            return new ExtensionPackageReference[]
+            {
+                new ExtensionPackageReference
+                {
+                    Id = "Microsoft.Azure.WebJobs.Extensions.DurableTask",
+                    Version = "1.8.2"
+                }
+            };
+        }
+
+        protected CustomHeadersMiddlewareTestFixture(string rootPath, string testId, string language) :
+            base(rootPath, testId, language)
+        {
+        }
+    }
+}

test/WebJobs.Script.Tests.Integration/Middleware/CustomHeadersMiddlewareNodeEndToEndTests.cs

@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.Azure.WebJobs.Script.Rpc;
+using Xunit;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests.Middleware
+{
+    public class CustomHeadersMiddlewareNodeEndToEndTests :
+        CustomHeadersMiddlewareEndToEndTestsBase<CustomHeadersMiddlewareNodeEndToEndTests.TestFixture>
+    {
+        public CustomHeadersMiddlewareNodeEndToEndTests(TestFixture fixture) : base(fixture)
+        {
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareRootUrl()
+        {
+            return CustomHeadersMiddlewareRootUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareAdminUrl()
+        {
+            return CustomHeadersMiddlewareAdminUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareHttpTriggerUrl()
+        {
+            return CustomHeadersMiddlewareHttpTriggerUrlTest();
+        }
+
+        [Fact]
+        public Task CustomHeadersMiddlewareExtensionWebhookUrl()
+        {
+            return CustomHeadersMiddlewareExtensionWebhookUrlTest();
+        }
+
+        public class TestFixture : CustomHeadersMiddlewareTestFixture
+        {
+            private const string ScriptRoot = @"TestScripts\CustomHeadersMiddleware\Node";
+
+            public TestFixture() : base(ScriptRoot, "node", LanguageWorkerConstants.NodeLanguageWorkerName)
+            {
+            }
+        }
+    }
+}

test/WebJobs.Script.Tests.Integration/TestScripts/CustomHeadersMiddleware/CSharp/HttpTrigger/function.json

@@ -0,0 +1,16 @@
+{
+  "bindings": [
+    {
+      "type": "httpTrigger",
+      "name": "req",
+      "direction": "in",
+      "methods": [ "get" ],
+      "authLevel": "anonymous"
+    },
+    {
+      "type": "http",
+      "name": "$return",
+      "direction": "out"
+    }
+  ]
+}

test/WebJobs.Script.Tests.Integration/TestScripts/CustomHeadersMiddleware/CSharp/HttpTrigger/run.csx

@@ -0,0 +1,10 @@
+using System.Net;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Primitives;
+
+public static IActionResult Run(HttpRequest req, TraceWriter log)
+{
+    log.Info("C# HTTP trigger function processed a request.");
+
+    return new OkObjectResult("Success");
+}