Add a section to the config file for HTTP headers to add to responses

The example configuration files add X-Content-Type-Options: nosniff. Add coverage in existing registry/handlers unit tests. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2025-09-01 15:07:25 +00:00 · 2015-08-10 14:20:52 -07:00
parent 4f7cb60190
commit 9c3bed6b88
8 changed files with 68 additions and 1 deletions
--- a/registry/handlers/api_test.go
+++ b/registry/handlers/api_test.go
@@ -30,6 +30,10 @@ import (
 	"golang.org/x/net/context"
 )

+var headerConfig = http.Header{
+	"X-Content-Type-Options": []string{"nosniff"},
+}
+
 // TestCheckAPI hits the base endpoint (/v2/) ensures we return the specified
 // 200 OK response.
 func TestCheckAPI(t *testing.T) {
@@ -215,6 +219,7 @@ func TestURLPrefix(t *testing.T) {
 		},
 	}
 	config.HTTP.Prefix = "/test/"
+	config.HTTP.Headers = headerConfig

 	env := newTestEnvWithConfig(t, &config)

@@ -1009,6 +1014,8 @@ func newTestEnv(t *testing.T, deleteEnabled bool) *testEnv {
 		},
 	}

+	config.HTTP.Headers = headerConfig
+
 	return newTestEnvWithConfig(t, &config)
 }

@@ -1225,6 +1232,14 @@ func checkResponse(t *testing.T, msg string, resp *http.Response, expectedStatus

 		t.FailNow()
 	}
+
+	// We expect the headers included in the configuration
+	if !reflect.DeepEqual(resp.Header["X-Content-Type-Options"], []string{"nosniff"}) {
+		t.Logf("missing or incorrect header X-Content-Type-Options %s", msg)
+		maybeDumpResponse(t, resp)
+
+		t.FailNow()
+	}
 }

 // checkBodyHasErrorCodes ensures the body is an error body and has the