Layer7 API Management

Expand all | Collapse all

HSTS in Customize error response

  • 1.  HSTS in Customize error response

    Posted 03-11-2019 11:18 AM

    Hi All, 


    I am using the Customize error response assertion to pass on the errors to the UI component.

    I have added few extra response headers to this assertion.

    For error cases, I have added Extra repsonse header for HSTS details as below :

    Name : Strict-Transport-Security

    value : ${request.http.header.Strict-Transport-Security}


    This gives empty value to the UI component in case of errors.


    The HSTS related assertion works fine in case of success scenarios which is added in the Global policy fragment .

    As I had already added the HSTS related Strict-Transport-Security header in the Global policy fragment,  was expecting the same to appear in response header for error scenarios but that doesn't seem to be working.


    Any suggestion please.



    Pramod Talekar

  • 2.  Re: HSTS in Customize error response

    Posted 03-11-2019 05:49 PM

    It depends where the error occurs, if the error occurs after the custom response header, you should be able to get the header value, but if the error occurs before you set the new header, it won't work.


    from my point of view, if you want to return extra info, return it in the custom error response body will be more reliable