Work with Arbitrary Browser Request Headers

You can configure a list of headers so that arbitrary browser request headers are forwarded in the requests made to the server.

In situations where you want to forward arbitrary browser request headers that are not standard, you can configure OSF to refer to a list of approved headers. When a request is made to the server, the server reviews the requested headers, fetches the data from the Storefront server, incorporates some of the headers used in the browser request and adds them to the request it makes to the Storefront server. Once it has all of the appropriate data, it builds the web page. By configuring a list of headers, you can take headers received in the browser request and include them in the request made to the Storefront server.

For example, to test a site that is not live, you could use the Basic Authorization endpoint to make a request that contains a new header. The following is an example of enabling a specific header to access a site.

To configure the specific header, use the updateBasicAuthConfiguration endpoint and the header name in a configuration in your OSF workspace. In this example, the headersWhitelist property allows you to bypass the basic authentication challenge by including a special header in the request. When the browser constructs the web page request, it includes the X-My-Header header in its request to the OSF server. The X-My-Header header is copied from the browser request and the fetch call is executed. The Storefront server receives the request that includes the X-My-Header header and checks to see if the request contains the same header. When the server finds the header listed in the headersWhitelist, it continues processing the request as normal.

Do the following:
  1. Add a header name to the headersWhitelist property on the updateBasicAuthConfiguration endpoint. For this example, create a header named X-My-Header:
    PUT /ccadmin/v1/merchant/basicAuth
    {"headersWhitelist": ["X-My-Header"]}
  2. Add your new header string to the fetch.additionalForwardingHeaders list in the workspace /config/middleware.js configuration file. For example:
    // File: config/middleware.js
    module.exports = {
      fetch: {
        additionalForwardingHeaders: ['X-My-Header']
      }
    };
  3. Once you have created the header and included it in the configuration file, you must include the X-My-Header: true header in any requests that you make. For example, you could use a command-line tool and add an argument that specifies the new header:
    $ curl 'https://<storefront-hostname>/path' --header 'X-My-Header: true'
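
The header only reaches the Storefront server if it appears in both lists from steps 1 and 2. The following added example (not Oracle or OSF code) models the allowlist forwarding described above and checks that the two lists agree; the function names are hypothetical, and the case-insensitive comparison follows the HTTP rule for header names rather than documented OSF behavior.

```javascript
// Added example: a model of allowlist-based header forwarding, not OSF source.
// selectForwardedHeaders and checkHeaderConfig are hypothetical names.

// HTTP header names are case-insensitive, so compare them in lower case.
const norm = (name) => String(name).trim().toLowerCase();

// RFC 7230 "token": the characters permitted in a header field name.
const TOKEN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;

// Return only the browser headers whose names are on the forwarding list.
function selectForwardedHeaders(browserHeaders, middlewareConfig) {
  const list = (middlewareConfig.fetch || {}).additionalForwardingHeaders || [];
  const allowed = new Set(list.map(norm));
  const out = {};
  for (const [name, value] of Object.entries(browserHeaders)) {
    if (allowed.has(norm(name))) out[name] = value;
  }
  return out;
}

// Report problems between the step 1 request body and the step 2 config file.
function checkHeaderConfig(basicAuthBody, middlewareConfig) {
  const whitelist = basicAuthBody.headersWhitelist || [];
  const forwarded = (middlewareConfig.fetch || {}).additionalForwardingHeaders || [];
  const forwardedSet = new Set(forwarded.map(norm));
  const problems = [];
  for (const h of [...whitelist, ...forwarded]) {
    if (!TOKEN.test(h)) problems.push(`invalid header name: ${JSON.stringify(h)}`);
  }
  for (const h of whitelist) {
    // A header accepted by basicAuth but never forwarded cannot take effect.
    if (!forwardedSet.has(norm(h))) problems.push(`${h} is whitelisted but not forwarded`);
  }
  return problems;
}

// Constructed sample input that mirrors the steps above.
const basicAuthBody = { headersWhitelist: ['X-My-Header'] };
const middlewareConfig = { fetch: { additionalForwardingHeaders: ['X-My-Header'] } };
const browserHeaders = { 'x-my-header': 'true', 'X-Other': '1', accept: 'text/html' };

console.log(selectForwardedHeaders(browserHeaders, middlewareConfig));
console.log(checkHeaderConfig(basicAuthBody, middlewareConfig));
```

Because the header bypasses the basic authentication challenge, keep both lists as short as the test setup requires and remove the entry when the site goes live.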

For detailed information on working with the updateBasicAuthConfiguration endpoint, refer to the Oracle Commerce REST API.