Implement custom header to responses.

README.md

@@ -64,6 +64,7 @@ This will install `http-server` globally so that it may be run from the command
 |`-S`, `--tls` or `--ssl` |Enable secure request serving with TLS/SSL (HTTPS)|`false`|
 |`-C` or `--cert` |Path to ssl cert file |`cert.pem` | 
 |`-K` or `--key` |Path to ssl key file |`key.pem` |
+|`-H` or `--header` |Add extra header to all response | |
 |`-r` or `--robots` | Automatically provide a /robots.txt (The content of which defaults to `User-agent: *\nDisallow: /`)  | `false` |
 |`--no-dotfiles` |Do not show dotfiles| |
 |`--mimetypes` |Path to a .types file for custom mimetype definition| |

bin/http-server

@@ -55,6 +55,7 @@ if (argv.h || argv.help) {
     '  -S --tls --ssl   Enable secure request serving with TLS/SSL (HTTPS)',
     '  -C --cert    Path to TLS cert file (default: cert.pem)',
     '  -K --key     Path to TLS key file (default: key.pem)',
+    '  -H --header  Add extra header to all response, eg. "X-Frame-Options: DENY"',
     '',
     '  -r --robots        Respond to /robots.txt [User-agent: *\\nDisallow: /]',
     '  --no-dotfiles      Do not show dotfiles',
@@ -173,6 +174,16 @@ function listen(port) {
     }
   }
 
+  var extraHeaders = argv.H || argv.header;
+  if (extraHeaders) {
+    if (Array.isArray(extraHeaders)) {
+      options.extraHeaders = extraHeaders;
+    }
+    else {
+      options.extraHeaders = [extraHeaders];
+    }
+  }
+
   if (tls) {
     options.https = {
       cert: argv.C || argv.cert || 'cert.pem',

doc/http-server.1

@@ -116,6 +116,10 @@ Path to SSL key file.
 If not specified, uses key.pem.
 Passphrase will be read from NODE_HTTP_SERVER_SSL_PASSPHRASE (if set)
 
+.TP
+.BI \-H ", " \-\-header " " [\fIHEADER\fR]
+Add extra header to all response.
+
 .TP
 .BI \-r ", " \-\-robots " " [\fIUSER\-AGENT\fR]
 Respond to /robots.txt request.

lib/http-server.js

@@ -110,6 +110,13 @@ function HttpServer(options) {
     } : null));
   }
 
+  if (options.extraHeaders) {
+    options.extraHeaders.forEach(function (header) {
+      var split = header.split(/:(.+)?/);
+      this.headers[split[0]] = split[1];
+    }, this);
+  }
+
   if (options.robots) {
     before.push(function (req, res) {
       if (req.url === '/robots.txt') {

test/main.test.js

@@ -30,7 +30,11 @@ test('http-server main', (t) => {
         corsHeaders: 'X-Test',
         ext: true,
         brotli: true,
-        gzip: true
+        gzip: true,
+        extraHeaders: [
+          'Authorization:CustomToken',
+          'X-API-Key:VerySecureAndRandomToken'
+        ]
       });
       server.listen(8080, async () => {
         try {
@@ -63,6 +67,10 @@ test('http-server main', (t) => {
               // Custom headers
               t.equal(res.headers['access-control-allow-origin'], '*');
               t.equal(res.headers['access-control-allow-credentials'], 'true');
+
+              // Custom extra headers
+              t.equal(res.headers['authorization'], 'CustomToken');
+              t.equal(res.headers['x-api-key'], 'VerySecureAndRandomToken');
             }).catch(err => t.fail(err.toString())),
 
             // Get robots