Reputation: 43
I am facing difficulties in overriding the HTTP response headers listed below:
X-Content-Type-Options (from 1 to nosniff)
X-Frame-Options (from SAMEORIGIN to deny)
Set-Cookie (add HttpOnly;Secure)
I have tried to put these values into the Listener's HTTP response headers, as well as using Header Removal and Header Injection in the API Manager policies, but with no success in overriding them to the intended values.
May I know how to override the HTTP response headers? Kindly refer to the photo of the values that I have set.
API Policies
Header Removal
Header Injection
Listener's response header values in the mule project
Response header from the API call
Upvotes: 0
Views: 1564
Reputation: 141
The headers "X-Content-Type-Options" and "X-Frame-Options" are injected by the DLB, so they cannot be removed or modified at the Mule app or policy level unless you are not using the DLB. MuleSoft has fixed it, and the fix should be available in their next release.
Upvotes: 1
Reputation: 1226
In the API Manager policies, use the Inbound Header Map instead of the Outbound Header Map for both header removal and injection.
Upvotes: 0