StaticResponseHandler

Creates a response to a request statically or based on something in the context.

Usage

{
   
     "name": string,
     "type": "StaticResponseHandler",
     "config": {
         "status": runtime expression<number>,
         "reason": runtime expression<string>,
         "version": runtime expression<string>,
         "headers": object,
         "entity": runtime expression<string>
     }
}

Properties

"status": runtime expression<number>, required

The response status code (for example, 200).

"reason": runtime expression<string>, optional

The response status reason (for example, "OK").

"version": runtime expression<string>, optional

Protocol version. Default: "HTTP/1.1".

"headers": object, optional

Header fields to set in the response, with the format name: [ value, ... ], where:

  • name is a configuration expression that resolves to a string for a header name. If multiple expressions resolve to the same final string, name has multiple values.

  • value is a runtime expression that resolves to one or more header values.

When the property entity is used, you are recommended to set a Content-Type header with the correct content type value. The following example sets the content type of a message entity in the response:

"headers": {
  "Content-Type": [ "text/html" ]
}

The following example is used in 05-federate.json to redirect the original URI from the request:

"headers": {
  "Location": [
     "http://sp.example.com:8080/saml/SPInitiatedSSO"
  ]
}
"entity": runtime expression<string>, optional

The message entity to include in the response. If present, it must conform to the Content-Type header and set the content length header automatically.

Important

Attackers during reconnaissance can use response messages to identify information about a deployment. For security, limit the amount of information in messages, and avoid using words that help identify IG.

Default: No message entity

Example

{
  "name": "ErrorHandler",
  "type":"StaticResponseHandler",
  "config": {
    "status": 500,
    "reason": "Error",
    "headers": {
      "Content-Type": [ "text/html" ]
    }
    "entity": "<html>
              <h2>Epic #FAIL</h2>
              </html>"
  }
}
Read a different version of :